Meteor added a way to suppress CORS headers in 2.14 (DISABLE_SOCKJS_CORS), which is great. The default ones were problematic.
However, removing them altogether breaks Cordova applications.
Is there a way to slip in a “Access-Control-Allow-Origin” header in the response to that intial to “sockjs/info” call? It would be fantastic if I could manually add that header with the value I need.
If I know things right then you should always be able to manipulate all incoming requests using WebApp.rawConnectHandlers.use and then add a middleware that adds respective headers or call next to pass handling on to all other requests.
Thanks for the response. Between the connect and rawConnect handlers, I can get some things, but the sockjs stuff seems to be completely inaccessible.
I have a feeling I will need to access internal ‘use-at-your-own-risk’ properties at this point, but I don’t know what those would be. Nothing I have tried has worked.
I no longer deal with this logic in the Meteor app, instead add this header on the edge using Cloudflare Workers. Far easier to deal with, modify, etc. without re-deploying the Meteor app each time.