couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "j ermouth (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (COUCHDB-2027) CORS should not require authentication on preflight OPTIONS request
Date Tue, 11 Mar 2014 01:11:45 GMT

    [ https://issues.apache.org/jira/browse/COUCHDB-2027?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13929827#comment-13929827
] 

j ermouth commented on COUCHDB-2027:
------------------------------------

To reproduce in console:
var xhr = new XMLHttpRequest();
xhr.open("GET", "http://cors.enabled.crossorigin.couchdb:5984/dbname/");
xhr.setRequestHeader("Authorization","Basic "+btoa("username:password"));
xhr.send();

XHR fails in Moz and Webkit with 405 error. It happens cause browser tries to make OPTIONS
request before making GET. OPTIONS is not allowed by CouchDB regardless of [cors] /methods
in local.ini.

> CORS should not require authentication on preflight OPTIONS request
> -------------------------------------------------------------------
>
>                 Key: COUCHDB-2027
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2027
>             Project: CouchDB
>          Issue Type: Bug
>          Components: HTTP Interface
>            Reporter: St├ęphane Alnet
>
> The discussion in https://github.com/daleharvey/pouchdb/issues/1003 points to an issue
whereby CouchDB is requiring authentication for preflight OPTIONS message where it shouldn't.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message