Mailing-List: contact commits-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@couchdb.apache.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Apache Wiki <wikidiffs@apache.org>
To: Apache Wiki <wikidiffs@apache.org>
Date: Fri, 02 Nov 2012 12:59:26 -0000
Message-ID: <20121102125926.98992.76611@eos.apache.org>
Subject: 
 =?utf-8?q?=5BCouchdb_Wiki=5D_Update_of_=22CORS=22_by_DaveCottlehuber?=
Auto-Submitted: auto-generated

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for c=
hange notification.

The "CORS" page has been changed by DaveCottlehuber:
http://wiki.apache.org/couchdb/CORS

Comment:
getting started on documenting it

New page:
<<Include(EditTheWiki)>>

WARNING!! This page is a temporary gathering spot for CORS documentation wh=
ile the [[https://git-wip-us.apache.org/repos/asf?p=3Dcouchdb.git;a=3Dshort=
log;h=3Drefs/heads/431-feature_cors|git branch]] is in development. It will=
 get merged back into the cors branch when sufficiently clean, and will use=
 the sphinx support being worked on in the [[https://git-wip-us.apache.org/=
repos/asf?p=3Dcouchdb.git;a=3Dshortlog;h=3Drefs/heads/docs|docs branch]].

<<TableOfContents(2)>>

=3D Introducing CORS =3D

By supporting CORS functionality, a CouchDB instance can accept direct conn=
ections to protected DBs and instances, without the browser functionality b=
eing blocked due to the same origin constraint. CORS is [[http://caniuse.co=
m/cors|widely supported]] today on over 90% of browsers.

 * dev list [[http://markmail.org/message/wzdge2nb3xkaqzlk|announcement]] f=
rom @benoitc
 * JIRA [[https://issues.apache.org/jira/browse/COUCHDB-431]]

=3D=3D CORS References =3D=3D

 * [[http://www.w3.org/TR/cors/#preflight-request]]
 * [[http://hacks.mozilla.org/2009/07/cross-site-xmlhttprequest-with-cors/]]
 * [[https://developer.mozilla.org/En/HTTP_access_control]]
 * [[https://developer.mozilla.org/En/Server-Side_Access_Control]]

=3D=3D Client-side CORS support and usage =3D=3D

 * [[http://caniuse.com/cors]]
 * [[http://www.html5rocks.com/en/tutorials/cors/]]
 * [[http://www.kendoui.com/blogs/teamblog/posts/11-10-03/using_cors_with_a=
ll_modern_browsers.aspx]]

=3D Features =3D

 * simple requests for a couchdb instance
 * preflight requests for a couchdb instance
 * configuration for a specific CouchDB vhost
 * all origins are matched by default

=3D Configuration =3D

=3D=3D Enabling CORS =3D=3D

To enable CORS support, you need to set the option {{{enable_cors =3D true}=
}} in the {{{httpd}}} section of {{{local.ini}}}. Note that by default, all=
 origins will be accepted.

=3D=3D Tightening Access =3D=3D

To configure defaults cors settings you need to create the [cors] section i=
n the local.ini file:

{{{
[cors]
credentials =3D false
;;; List of origins separated by a comma
; origins =3D
;;; List of accepted headers separated by a comma
; headers =3D
; List of accepted methods
; methods =3D
}}}

To set the options for a vhosts you will need to create a section with the =
vhost name prefixed by "cors:" . Ex for the vhost example.com:


{{{
; Configuration for a vhost
;[cors:example.com]
; credentials =3D false
; List of origins separated by a comma
;origins =3D
; List of accepted headers separated by a comma
; headers =3D
; List of accepted methods
; methods =3D
}}}