I kept noticing strange behavior with my app sometimes not loading any data from my api. It appears the plugin it would fail to use the port 12344 for the web server, and retry on port 12345 instead, and thus fail to pass the CORS rules for the api where I had whitelisted http://localhost:12344 explicitly.

Usually restarting the app would fix this as it would go back to the proper port.

The solution in my case was to add a few extra ports to my whitelist. So mine now looks like:

    'http://localhost:12344', // wkwebview ios
    'http://localhost:12345', // wkwebview ios
    'http://localhost:12346', // wkwebview ios
    'http://localhost:12347', // wkwebview ios

If you're already enabling CORS for the * origin, then you shouldn't be affected. But that is not a good security best practice, so I think this warning should be added to the readme.

I'm trying to learn a bit about this before starting my first Cordova-based app. My first impression is that avoiding port collision is non-trivial. Is that true or have missed something?