1
  • I am using the axios package to send API requests from my app to my backend
  • The backend is built with Laravel and is a simple rest API
  • If I run the Ionic app on desktop using ionic serve it works fine
  • If I build an APK and install the app:
    • on an Android device with version 8 or below it works fine
    • on an Android device with version 9 or above the preflight checks keep failing

preflight fail

(This is using the remote devices feature by Chrome to inspect requests from the app)

  • Initially, the requests wouldn't even send and it would error out before then and so I setup my network security configuration for Android and that removed the initial error but now it keeps failing on preflight
  • My suspcion is that it might be related to the fact that the requests on the app are being sent from http://localhost but I'm not sure how to resolve this. Can you force it to use an SSL? If so, how?
  • My CORS setup for Laravel is more leniant than the default CORS config that Laravel ships with:
return [
    'paths' => ['*'],
    'allowed_methods' => ['*'],
    'allowed_origins' => ['*'],
    'allowed_origins_patterns' => [],
    'allowed_headers' => ['*'],
    'exposed_headers' => [],
    'max_age' => 0,
    'supports_credentials' => false,
];
Script47
  • 14,230
  • 4
  • 45
  • 66

1 Answers1

0

The issue was related to SSL/TLS pinning which axios doesn't deal with as per this comment.

The Ionic Native HTTP plugin handles the pinning natively and that worked for but of course it makes use of Cordova which isn't available on your non-mobile devices.

There were two potential solutions:

  1. Implement SSL/TLS pinning natively
  2. Create a service/factory which determines whether we want to use axios or the native plugin

I opted for #2 - if you want information regarding #1, see this answer.

The following method for me determines which HTTP wrapper to use:

static makeRequest() {
    return isPlatform('cordova') ? cordovaHttpService : axiosHttpService;
}

Of course, that can be amended with each specific case.

Script47
  • 14,230
  • 4
  • 45
  • 66