Meteor Android CORS Issue

I have a Meteor app with web cordova Android & iOS Apps. I used to move the app to play store mentioning the port in the create build statement.

meteor run android-device --mobile-server=""

But now, Every build is getting rejected because https not mentioned in the mobile server.

While Changing the mobile server to –mobile-server="

Getting this as errror.
Access to XMLHttpRequest at '' from origin 'http://localhost:12160' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values 'http://localhost:12160, *', but only one is allowed.", source: http://localhost:12160/cookies (0)
Tried Things:

Tried these things to solve this: 

Meteor.startup(function() {
  console.log('Configuring content-security-policy:');

WebApp.rawConnectHandlers.use(function(req, res, next) {
  res.setHeader("Access-Control-Allow-Origin", "*");
  res.setHeader("Access-Control-Allow-Headers", "Authorization,Content-Type");
  return next();

But no solution found.

Server configuration:

  • Mup Js Used for Deployment

Also attaching the code for mup.js

module.exports = {
  servers: {
    one: {
      host: '',
      username: 'ubuntu',
      // password:
      // or leave blank for authenticate from ssh-agent

meteor: {
    name: 'special',
    path: '../../special',
    volumes: {
      '/var/www/html/uploading_server/files/': '/var/www/html/uploading_server/files/'
    servers: {
      one: {}

    buildOptions: {
      serverOnly: true,
      ROOT_URL: '',
      MONGO_URL: 'mongodb://localhost/meteor'
    dockerImage: 'abernix/meteord:node-8.4.0-base',
    deployCheckWaitTime: 60,
     enableUploadProgressBar: true,

mongo: {
    oplog: true,
    port: 27017,
    servers: {
      one: {},

Let me know what’s missing and needs to be changed. Any help would be appreciated.

The problem is probably with your Access-Control-Allow-Origin header. I recall setting up something similar, in my app I have:

  const origin = req.headers["Origin"] || req.headers["origin"] || "";
  res.setHeader("Access-Control-Allow-Origin", origin);

I think you can also get away with:

  res.setHeader("Access-Control-Allow-Origin", "http://*");
  res.setHeader("Access-Control-Allow-Origin", "https://*");

the issue being that you need to specify the protocol in addition to the * when you cross protocols.

I have configured the NGINX and added Access-Control-Allow-Origin *

Also, attaching the NGINX configuration for your reference.
Do I need to set up express also and set them?

server {
    return 301$request_uri;

server {
      listen 80;
      return 301 $scheme://$request_uri;

server {
      listen 443;
      # --
      # this could be your IP address, a subdomain or a full domain
      # --


      #    ssl_certificate /etc/letsencrypt/live/;
       #  ssl_certificate_key /etc/letsencrypt/live/;

        ssl_certificate /etc/nginx/ssl/www_sitename_com/ssl-bundle.crt;
     ssl_certificate_key /etc/nginx/ssl/www_sitename_com/example_com.key;

    # side note: only use TLS since SSLv2 and SSLv3 have had recent vulnerabilities
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

        #ssl_certificate /var/www/html/ssl/ssl-bundle.crt;
        #ssl_certificate_key /var/www/html/ssl/example_com.key;
      ssl on;
      access_log /var/log/nginx/access.plygrid.log;
      error_log /var/log/nginx/error.plygrid.log;
      location / {
            proxy_pass http://localhost:3000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header X-Forwarded-For $remote_addr;
               proxy_set_header        X-Forwarded-Proto $scheme;

add_header 'Access-Control-Allow-Origin' '*';

    add_header              'Access-Control-Allow-Credentials: true' always;
    add_header              'Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS' always;
    add_header              'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,access_token,__setXHR_' always;
    if ($request_method = 'OPTIONS') {
        add_header          'Access-Control-Max-Age' 1728000;
        add_header          'Content-Type' 'text/plain charset=UTF-8';
        add_header          'Content-Length' 0;
        return              204;