Cordova app sends file:// as Origin header.
Of course, since the app is being loaded from the filesystem, this behavior is not too surprising.
However, our backend correctly refuses this origin. See for example: https://github.com/playframework/playframework/issues/5193
This answer suggests that Cordova apps should not be sending the file:// Origin header, which would work correctly:
"Cross-domain policy does not apply to PhoneGap (for a variety of reasons, basically because your app is essentially running off the file:// URI on-device)."
We are using the whitelist plugin, but that does not prevent the Origin: file:// header from being sent to the server.
It would be ideal for us if Cordova just didn't send the Origin header at all. Can it be configured this way?
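The following added example (not part of the original post, and not Play's or Cordova's code) sketches how a strict server-side Origin check treats the values discussed above: an absent header, `file://`, and an ordinary web origin. `ALLOWED_ORIGINS` and `checkOrigin` are hypothetical names, and the allowlisted origin is a constructed sample value.

```javascript
// Hypothetical allowlist; the value is a constructed sample, not from the post.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);

// Classify the Origin header of an incoming request.
// Returns { cors, allow, reason }: cors=false means the CORS check is skipped.
function checkOrigin(header) {
  // No Origin header at all: the request is not treated as cross-origin,
  // so an allowlist-based CORS check has nothing to evaluate.
  if (header === undefined) {
    return { cors: false, allow: true, reason: "no Origin header" };
  }
  // The literal "null" is what browsers send for opaque origins.
  if (header === "null") {
    return { cors: true, allow: false, reason: "opaque origin" };
  }
  let url;
  try {
    url = new URL(header);
  } catch (e) {
    return { cors: true, allow: false, reason: "unparseable origin" };
  }
  // file:// has a scheme but no host, so it cannot name a web origin.
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { cors: true, allow: false, reason: "non-web scheme " + url.protocol };
  }
  // A valid Origin value is exactly scheme://host[:port], with no path.
  if (url.origin !== header) {
    return { cors: true, allow: false, reason: "not a serialized origin" };
  }
  if (!ALLOWED_ORIGINS.has(url.origin)) {
    return { cors: true, allow: false, reason: "origin not allowlisted" };
  }
  return { cors: true, allow: true, reason: "allowlisted origin" };
}

// Constructed sample inputs covering the cases from the question.
for (const h of [undefined, "file://", "null", "https://app.example.com"]) {
  console.log(JSON.stringify(h), "->", checkOrigin(h));
}
```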