couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brad Rhoads (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (COUCHDB-2027) CORS should not require authentication on preflight OPTIONS request
Date Wed, 12 Feb 2014 20:07:23 GMT

    [ https://issues.apache.org/jira/browse/COUCHDB-2027?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13899526#comment-13899526
] 

Brad Rhoads commented on COUCHDB-2027:
--------------------------------------

I'm not sure if this the same problem or not. But when I do cors request, I get method_not_allowed.
I have explicitly specified OPTIONS for the cors methods, but this seems to be the basic http
methods.
Example:
curl 'https://bdrhoa:iib6yhbs@estante.maflt.org/estante/appinfo' -X OPTIONS -H 'Access-Control-Request-Method:
GET' -H 'Origin: http://localhost:5984' -H 'Accept-Encoding: gzip,deflate,sdch' -H 'Accept-Language:
en-US,en;q=0.8' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36' -H 'Accept: */*' -H 'Referer: http://localhost:5984/estante20140211/_design/library/about.html'
-H 'Connection: keep-alive' -H 'DNT: 1' -H 'Access-Control-Request-Headers: access-control-allow-origin,
accept, authorization, content-type' --compressed
{"error":"method_not_allowed","reason":"Only DELETE,GET,HEAD,POST,PUT,COPY allowed"}

Also, my "local" server is coucdb 1.2 and I'm the "remote" server is 1.5. It's only on 1.5
server where the cors needs to be configured, right? The "local" server could be anything,
I just happen to be using a couchapp. 

So, is the same bug, a different bug, or am I doing something wrong?

> CORS should not require authentication on preflight OPTIONS request
> -------------------------------------------------------------------
>
>                 Key: COUCHDB-2027
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2027
>             Project: CouchDB
>          Issue Type: Bug
>          Components: HTTP Interface
>            Reporter: St├ęphane Alnet
>
> The discussion in https://github.com/daleharvey/pouchdb/issues/1003 points to an issue
whereby CouchDB is requiring authentication for preflight OPTIONS message where it shouldn't.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message