That’s the thing… my server app is expecting to have an origin… But yeah it’s really “web centric” and not “native app centric”, I agree… I should probably allow empty “origin” for mobile app…
Thanks for the read !! Really appreciate your quickly answers 
Though, Cookies is a great mechanisme to ensure that something is coming from the server and isn’t manipulate by anything else… the fact that "they are pretty non-existent " in the native world doesn’t mean we don’t have to use them…
Though (bis), I agree that we can have a different mechanism, no worries