couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dale Harvey (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (COUCHDB-1862) Configuring CORS could be more intuitive
Date Fri, 26 Jul 2013 11:55:48 GMT

    [ https://issues.apache.org/jira/browse/COUCHDB-1862?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13720707#comment-13720707
] 

Dale Harvey commented on COUCHDB-1862:
--------------------------------------

In my head we want to allow 3 default configurations, off, world-readable, world-writable,
within this it means when the user wants to limit read or write configuration within a restricted
set of hosts they simply set world-readable / world-writable then set origins

The note 'Note that credentials=true and origins=* are mutually exclusive.' should not apply
to couch, it retricts what the server can respond with to a client, but not what a configuration
can be (as far as I can tell this restriction is actually broken anyway, '*' and with_credentials
is working fine for me)

I think this can simply be implemented as more sensible defaults hanging off the current configuration
options of 

enable_cors=false => off
enable_cors=true => world-resable 
enable_cors=true, credentials=true => world writable

This is mostly just changes to the defaults when these config items are set, the Authorization
and Cookie headers should be added when with_credentials=true, and the origins should be *
by default.

The user can explicitly set any of these options to restrict the defaults (this currently
works)
                
> Configuring CORS could be more intuitive
> ----------------------------------------
>
>                 Key: COUCHDB-1862
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-1862
>             Project: CouchDB
>          Issue Type: Bug
>          Components: HTTP Interface
>            Reporter: Dale Harvey
>
> In general cors configuration is confusing, the original implementation of the couch
config is sufficient but I think we should introduce more sensible defaults.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message