1

I am facing issue in my Ionic app . Rest api is written in Scala which is working properly in Website and Ionic app on browser and on postman . But it is not working on App. I am facing 403 issue when i am hitting that API. I tried to update scala config file 

 cors {
  pathPrefixes = ["/api"]
  }

Now it is working fine in app but not in browser , What to do ? Is it issue from API end or Ionic code end? My code is as following 

let params = {"vendor._id":"1"};    
let headers = new Headers({
      "Content-Type": "application/json"
    });
    let options = new RequestOptions({
      headers: headers
    });

     this.http.post('apiurl',params, options)
Improve this question

1 Answer 1

Reset to default
2

This is Play framework issue with Cordova. The following link will explain it:

https://forum.ionicframework.com/t/ionic-http-request-with-403-error-on-ipad-device/50269/3

Reason:

Cordova sends a request through having header Origin: file://…

You can check this link to deal with that Play! 2.4: How to allow CORS from origin file://

Remove default course filter which you import from Play framework and write your condition based filter:

import play.api.Logger
import play.api.libs.concurrent.Execution.Implicits.defaultContext
import play.api.mvc._
import play.mvc.Http

/**
  * Allow CORS from anywhere, any method
  */
class CORSFilter extends EssentialFilter {
  def apply(nextFilter: EssentialAction) = new EssentialAction {
    def apply(requestHeader: RequestHeader) = {
      nextFilter(requestHeader)
        .map { result =>
          if (requestHeader.method.equals("OPTIONS")) {
            Results.Ok.withHeaders(
              Http.HeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN -> "*",
              Http.HeaderNames.ACCESS_CONTROL_ALLOW_HEADERS -> "Access-Control-Allow-Origin,X-Requested-With, Accept, Content-Type,application, idUser, access-control-allow-methods, token, access-control-allow-credentials, Authorization",
              Http.HeaderNames.ACCESS_CONTROL_ALLOW_METHODS -> "HEAD,GET,POST,PUT,PATCH,DELETE")
          } else {
            result.withHeaders(
              Http.HeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN -> "*",
              Http.HeaderNames.ACCESS_CONTROL_ALLOW_HEADERS -> "X-Requested-With, Accept, Content-Type",
              Http.HeaderNames.ACCESS_CONTROL_ALLOW_METHODS -> "HEAD,GET,POST,PUT,PATCH,DELETE",
              Http.HeaderNames.ACCESS_CONTROL_EXPOSE_HEADERS -> "X-Custom-Header-To-Expose")
          }
        }
    }
  }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.