couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dale Harvey (JIRA)" <>
Subject [jira] [Commented] (COUCHDB-1862) Configuring CORS could be more intuitive
Date Fri, 26 Jul 2013 11:55:48 GMT


Dale Harvey commented on COUCHDB-1862:

In my head we want to allow 3 default configurations, off, world-readable, world-writable,
within this it means when the user wants to limit read or write configuration within a restricted
set of hosts they simply set world-readable / world-writable then set origins

The note 'Note that credentials=true and origins=* are mutually exclusive.' should not apply
to couch, it retricts what the server can respond with to a client, but not what a configuration
can be (as far as I can tell this restriction is actually broken anyway, '*' and with_credentials
is working fine for me)

I think this can simply be implemented as more sensible defaults hanging off the current configuration
options of 

enable_cors=false => off
enable_cors=true => world-resable 
enable_cors=true, credentials=true => world writable

This is mostly just changes to the defaults when these config items are set, the Authorization
and Cookie headers should be added when with_credentials=true, and the origins should be *
by default.

The user can explicitly set any of these options to restrict the defaults (this currently
> Configuring CORS could be more intuitive
> ----------------------------------------
>                 Key: COUCHDB-1862
>                 URL:
>             Project: CouchDB
>          Issue Type: Bug
>          Components: HTTP Interface
>            Reporter: Dale Harvey
> In general cors configuration is confusing, the original implementation of the couch
config is sufficient but I think we should introduce more sensible defaults.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message