couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brad Rhoads (JIRA)" <>
Subject [jira] [Commented] (COUCHDB-2027) CORS should not require authentication on preflight OPTIONS request
Date Wed, 12 Feb 2014 20:07:23 GMT


Brad Rhoads commented on COUCHDB-2027:

I'm not sure if this the same problem or not. But when I do cors request, I get method_not_allowed.
I have explicitly specified OPTIONS for the cors methods, but this seems to be the basic http
curl '' -X OPTIONS -H 'Access-Control-Request-Method:
GET' -H 'Origin: http://localhost:5984' -H 'Accept-Encoding: gzip,deflate,sdch' -H 'Accept-Language:
en-US,en;q=0.8' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36' -H 'Accept: */*' -H 'Referer: http://localhost:5984/estante20140211/_design/library/about.html'
-H 'Connection: keep-alive' -H 'DNT: 1' -H 'Access-Control-Request-Headers: access-control-allow-origin,
accept, authorization, content-type' --compressed
{"error":"method_not_allowed","reason":"Only DELETE,GET,HEAD,POST,PUT,COPY allowed"}

Also, my "local" server is coucdb 1.2 and I'm the "remote" server is 1.5. It's only on 1.5
server where the cors needs to be configured, right? The "local" server could be anything,
I just happen to be using a couchapp. 

So, is the same bug, a different bug, or am I doing something wrong?

> CORS should not require authentication on preflight OPTIONS request
> -------------------------------------------------------------------
>                 Key: COUCHDB-2027
>                 URL:
>             Project: CouchDB
>          Issue Type: Bug
>          Components: HTTP Interface
>            Reporter: St├ęphane Alnet
> The discussion in points to an issue
whereby CouchDB is requiring authentication for preflight OPTIONS message where it shouldn't.

This message was sent by Atlassian JIRA

View raw message