Is it is good practice to use internal localhost server for wkwebview by ionic team?

Question

Official ionic doc https://ionicframework.com/docs/wkwebview/#cors

CORS

Unfortunately there’s no API to disable this, so you’ll need to ensure any remote API that your app use, implement CORS correctly: CORS MDN Docs

Origin: http://localhost:8080 CORS checklist:

Whitelist Origin: http://localhost:8080 Whitelist Methods Whitelist Header CORS preflight request (OPTION)

I don't think it as a good practice by ionic team . Suppose if i have a back-end server where i allow 'localhost:8080' for ionic .

Then any person can make a script to hit continually to my server by hiting it from his local 'localhost:8080' server , which can make my back-end stack .

What you think the approach to be ?

score 0 · Answer 1 · answered Aug 25 '18 at 12:53

CORS is not to protect your backend from requests.

CORS can protect client (like a browser or Cordova app webview) from accessing and working with content from a backend, that doesn't think it is a good idea to do that.

If a bad actor wants to make requests to your server, they will just use a method that does not handle or respect CORS headers (like e.g. Ionic Native's Native HTTP wrapper).

Is it is good practice to use internal localhost server for wkwebview by ionic team?

1 Answers1