Set x_mtok Cookie on Cordova

client.js

@@ -1,5 +1,6 @@
 import { Mongo }           from 'meteor/mongo';
 import { Meteor }          from 'meteor/meteor';
+import { DDP }             from 'meteor/ddp-client';
 import { Cookies }         from 'meteor/ostrio:cookies';
 import { check, Match }    from 'meteor/check';
 import { UploadInstance }  from './upload.js';
@@ -113,29 +114,20 @@ export class FilesCollection extends FilesCollectionCore {
     }
 
     const setTokenCookie = () => {
-      if ((!cookie.has('x_mtok') && Meteor.connection._lastSessionId) || (cookie.has('x_mtok') && (cookie.get('x_mtok') !== Meteor.connection._lastSessionId))) {
-        cookie.set('x_mtok', Meteor.connection._lastSessionId, {
-          path: '/'
-        });
-      }
-    };
-
-    const unsetTokenCookie = () => {
-      if (cookie.has('x_mtok')) {
-        cookie.remove('x_mtok', '/');
+      if (Meteor.connection._lastSessionId) {
+        cookie.set('x_mtok', Meteor.connection._lastSessionId, { path: '/' });
+        if (Meteor.isCordova) {
+          cookie.send();
+        }
       }
     };
 
     if (typeof Accounts !== 'undefined' && Accounts !== null) {
-      Meteor.startup(() => {
-        setTokenCookie();
-      });
-      Accounts.onLogin(() => {
-        setTokenCookie();
-      });
-      Accounts.onLogout(() => {
-        unsetTokenCookie();
+      DDP.onReconnect((conn) => {
+        conn.onReconnect = setTokenCookie;
       });
+      Meteor.startup(setTokenCookie);
+      Accounts.onLogin(setTokenCookie);
     }
 
     check(this.onbeforeunloadMessage, Match.OneOf(String, Function));

package.js

@@ -16,7 +16,7 @@ Npm.depends({
 Package.onUse(function(api) {
   api.versionsFrom('1.6.1');
   api.use('webapp', 'server');
-  api.use(['reactive-var', 'tracker', 'http'], 'client');
+  api.use(['reactive-var', 'tracker', 'http', 'ddp-client'], 'client');
   api.use(['mongo', 'check', 'random', 'ecmascript', 'ostrio:cookies@2.3.0'], ['client', 'server']);
   api.addAssets('worker.min.js', 'client');
   api.mainModule('server.js', 'server');

server.js

@@ -21,6 +21,8 @@ import nodePath from 'path';
 const bound = Meteor.bindEnvironment(callback => callback());
 const NOOP  = () => {  };
 
+const originRE = /^http:\/\/localhost:12\d\d\d$/;
+
 /*
  * @locus Anywhere
  * @class FilesCollection
@@ -59,6 +61,7 @@ const NOOP  = () => {  };
  * @param config.interceptDownload {Function} - [Server] Intercept download request, so you can serve file from third-party resource, arguments {http: {request: {...}, response: {...}}, fileRef: {...}}
  * @param config.disableUpload {Boolean} - Disable file upload, useful for server only solutions
  * @param config.disableDownload {Boolean} - Disable file download (serving), useful for file management only solutions
+ * @param config.disableCORS  {Boolean}  - [Server]   Disable Cordova CORS access
  * @param config._preCollection  {Mongo.Collection} - [Server] Mongo preCollection Instance
  * @param config._preCollectionName {String}  - [Server]  preCollection name
  * @summary Create new instance of FilesCollection
@@ -90,6 +93,7 @@ export class FilesCollection extends FilesCollectionCore {
         namingFunction: this.namingFunction,
         responseHeaders: this.responseHeaders,
         disableDownload: this.disableDownload,
+        disableCORS: this.disableCORS,
         allowClientCode: this.allowClientCode,
         downloadCallback: this.downloadCallback,
         onInitiateUpload: this.onInitiateUpload,
@@ -205,6 +209,10 @@ export class FilesCollection extends FilesCollectionCore {
       this.disableDownload = false;
     }
 
+    if (!helpers.isBoolean(this.disableCORS)) {
+      this.disableCORS = false;
+    }
+
     if (!helpers.isObject(this._currentUploads)) {
       this._currentUploads = {};
     }
@@ -435,6 +443,23 @@ export class FilesCollection extends FilesCollectionCore {
       return;
     }
     WebApp.connectHandlers.use((httpReq, httpResp, next) => {
+      if (!this.disableCORS && !!~httpReq._parsedUrl.path.indexOf(`${this.downloadRoute}/`) && !httpResp.headersSent) {
+        if (originRE.test(httpReq.headers.origin)) {
+          httpResp.setHeader('Access-Control-Allow-Credentials', 'true');
+          httpResp.setHeader('Access-Control-Allow-Origin', httpReq.headers.origin);
+        }
+
+        if (httpReq.method === 'OPTIONS') {
+          httpResp.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
+          httpResp.setHeader('Access-Control-Allow-Headers', 'Range, Content-Type, x-mtok, x-start, x-chunkid, x-fileid, x-eof');
+          httpResp.setHeader('Access-Control-Expose-Headers', 'Accept-Ranges, Content-Encoding, Content-Length, Content-Range');
+          httpResp.setHeader('Allow', 'GET, POST, OPTIONS');
+          httpResp.writeHead(200);
+          httpResp.end();
+          return;
+        }
+      }
+
       if (!this.disableUpload && !!~httpReq._parsedUrl.path.indexOf(`${this.downloadRoute}/${this.collectionName}/__upload`)) {
         if (httpReq.method === 'POST') {
           const handleError = (_error) => {