I haven’t developed on Cloud9 so I can’t be sure, referencing these CORS issues I ran into may help:
Opening the demo in Safari returns this error: WebSocket connection to 'ws://nameless-reaches-32969.herokuapp.com…github.com
I've registered on the demo website (http://sling-chat.s3-website-us-west-2.amazonaws.com/), creating and joining a…github.com
I replaced CORSPlug with Corsica in this project, and I found it is necessary to whitelist the allowed headers — this is my best guess as to what the issue may be:
plug Corsica, allow_headers: ~w(Accept Content-Type Authorization Origin)
Does Cloud9 allow you to see the Phoenix server logs in development? That may offer more insight.