diff --git a/miniware/miniware.go b/miniware/miniware.go
index a75dc92..5398557 100644
--- a/miniware/miniware.go
+++ b/miniware/miniware.go
@@ -61,6 +61,17 @@ var upgrader = websocket.Upgrader{
 	ReadBufferSize:   1024,
 	WriteBufferSize:  1024,
 	HandshakeTimeout: 45 * time.Second,
+	CheckOrigin: func(r *http.Request) bool {
+		origin := r.Header.Get("Origin")
+		return origin == "http://127.0.0.1:8080" || // dev
+			origin == "http://localhost:8080" || // dev
+			origin == "http://10.0.2.2:8080" || // Android emulator
+			origin == "http://leapchat.org" || // prod
+			origin == "https://leapchat.org" || // prod
+			origin == "http://www.leapchat.org" || // prod
+			origin == "https://www.leapchat.org" || // prod
+			origin == "http://localhost" // Capacitor
+	},
 }
 
 func Auth(h http.Handler, m *Mapper) func(w http.ResponseWriter, req *http.Request) {
diff --git a/src/components/App.js b/src/components/App.js
index 512fd67..54a1a26 100644
--- a/src/components/App.js
+++ b/src/components/App.js
@@ -57,7 +57,6 @@ class App extends Component {
     this.onInitConnection(pincode);
   };
 
-<<<<<<< HEAD
   createDeviceSession(passphrase) {
     document.location.hash = '#' + passphrase;
   }
@@ -65,31 +64,6 @@ class App extends Component {
   onInitConnection(pincode='') {
     const urlHash = document.location.hash + pincode;
     this.props.initConnection(this.createDeviceSession, urlHash);
-=======
-
-  onInitConnection(pincode='') {
-    this.props.initAuth();
-
-    let urlHash;
-    if (Capacitor.getPlatform() === 'web'){
-      urlHash = document.location.hash + pincode;
-    } else {
-      // for local testing in capacitor, just put in a valid fragment
-      urlHash = '';
-    }
-
-    initiateSessionAndConnect(
-      this.props.initConnection,
-      this.createWebSession,
-      urlHash,
-    );
-  }
-
-  createWebSession(passphrase) {
-    if (Capacitor.getPlatform() === "web"){
-      document.location.hash = "#" + passphrase;
-    }
->>>>>>> b63a58f (CapacitorJS testing WIP)
   }
 
   onToggleModalVisibility = (modalName, isVisible) => {
diff --git a/src/store/epics/chatEpics.js b/src/store/epics/chatEpics.js
index b5ba247..cdae24c 100644
--- a/src/store/epics/chatEpics.js
+++ b/src/store/epics/chatEpics.js
@@ -30,6 +30,12 @@ import ChatHandler from './helpers/ChatHandler';
 import { combineEpics } from 'redux-observable';
 import createDetectVisibilityObservable from './helpers/createDetectPageVisibilityObservable';
 
+// let wsUrl = `${window.location.origin.replace('http', 'ws')}/api/ws/messages/all`;
+// if (Capacitor.isNativePlatform()) {
+//   // wsUrl = 'wss://www.leapchat.org/api/ws/messages/all'
+//   wsUrl = 'ws://10.0.2.2:8080/api/ws/messages/all'
+// }
+
 import { authUrl, wsUrl } from './helpers/urls';
 
 export const chatHandler = new ChatHandler(wsUrl);
diff --git a/src/store/epics/helpers/urls.js b/src/store/epics/helpers/urls.js
index 133a45a..ebe83f5 100644
--- a/src/store/epics/helpers/urls.js
+++ b/src/store/epics/helpers/urls.js
@@ -1,10 +1,9 @@
+import { Capacitor } from '@capacitor/core';
 
-let hostname;
-if (typeof window.location !== "undefined") {
-  hostname = window.location.origin;
-} else {
-  // hard-coded for mobile device scenarios
-  hostname = "http://locahost:8080";
+let hostname = window.location.origin;
+
+if (Capacitor.isNativePlatform()){
+  hostname = "http://10.0.2.2:8080";
 }
 
 export const authUrl = `${hostname}/api/login`;
diff --git a/src/utils/sessions.js b/src/utils/sessions.js
index 58e2929..a0acbc7 100644
--- a/src/utils/sessions.js
+++ b/src/utils/sessions.js
@@ -19,21 +19,30 @@ import { disconnected } from '../store/actions/chatActions';
 // TODO: will be different host from a mobile device, probably if (!window)
 let authUrl = `${window.location.origin}/api/login`;
 
-if (Capacitor.isNativePlatform()){
-  authUrl = "http://192.168.1.247:8080/api/login";
+if (Capacitor.isNativePlatform()) {
+  // authUrl = "https://www.leapchat.org/api/login";
+  authUrl = "http://10.0.2.2:8080/api/login";
 }
 
+// Helper for parsing response from Go API
+//
+// From https://stackoverflow.com/a/36183085
+const b64toBlob = (base64, type = 'application/octet-stream') =>
+      fetch(`data:${type};base64,${base64}`).then(res => res.blob());
 
 async function connectWithAuthRequest(initiateConnection, mID, secretKey, isNewPassphrase) {
-  let response;
-  if (Capacitor.isNativePlatform()){
+  let response, message;
+  if (Capacitor.isNativePlatform()) {
     response = await CapacitorHttp.request({
       url: authUrl,
       headers: {
         'X-Minilock-Id': mID
       },
-      method: 'GET'
+      method: 'GET',
+      responseType: 'blob'  // Makes `response.data` base64-encoded binary data
     });
+
+    message = await b64toBlob(response.data);
   } else {
     response = await fetch(authUrl, {
       method: "GET",
@@ -41,9 +50,10 @@ async function connectWithAuthRequest(initiateConnection, mID, secretKey, isNewP
         'X-Minilock-Id': mID
       }
     });
+
+    message = await response.blob();
   }
-  
-  const message = await response.blob();
+
   miniLock.crypto.decryptFile(message, mID, secretKey,
     function (fileBlob, saveName, senderID) {
       const reader = new FileReader();