Usually CORS issues come up from the browser, but not from devices and emulators, because their origins are file:/// not http:// and XSS doesn't apply to that, afaik.
However, when trying to link js in my index.html, for example, I see the Origin is http:// and not file:///, so I get the dreaded error:
XMLHttpRequest cannot load http://ws.mysite.com/ionic-feed/www/templates/share.html. Origin http://10.0.0.5:8100 is not allowed by Access-Control-Allow-Origin.
An excerpt from my index.html
<script src="ws.myserver.com/ionic-feed/www/js/file1.js"></script>
<script src="js/file2.js"></script>
I'm using .NET and IIS 8.5.
I'm able to $http.get from this server, at the same subdomain. I've enabled CORS in the .NET web-api project (for browser development etc).
But, when I try to load .js files in index.html through , or in AngularJS directives templateUrl: "ws.myserver.com/..." then I get the error.
I've been serving these .js files from the same domain as the .NET web-api project to try to avoid CORS issues of those .js files then requesting $http.get from the web-api, so I've added a Virtual Directory and Application inside the IIS site for the ws.myserver.com web-api project.
I've tried placing web.config files in those application and virtual directories as suggested here. http://enable-cors.org/server_iis7.html That hasn't worked yet.
How do I fix this?
Thanks!!!