couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sasha Simkin (JIRA)" <>
Subject [jira] [Commented] (COUCHDB-2027) CORS should not require authentication on preflight OPTIONS request
Date Sat, 05 Apr 2014 03:12:15 GMT


Sasha Simkin commented on COUCHDB-2027:

Had the same issue.
My couchdb settings for CORS is:
credentials = true(Tried false - nothing happens)
headers = accept, authorization, content-type, origin
origins = *

Also tried to set
But there to nothing happens.
Admin party is off. Responce from curl from console:

curl --user usernaem:password -X OPTIONS http://localhost:5984/db_name
curl -X OPTIONS http://localhost:5984/db_name
{"error":"method_not_allowed","reason":"Only DELETE,GET,HEAD,POST allowed"}(Both requests

Because browser tries set OPTIONS first - he got 405 and stops further processing.
Couchdb version is 1.5.0.

Solution from comment above doesnt works :(

var xhr = new XMLHttpRequest();"GET", "http://cors.enabled.crossorigin.couchdb:5984/dbname/");
xhr.setRequestHeader("Authorization","Basic "+btoa("username:password"));

This works(And return without `Allow` header), but when i write $.get('http://cors.enabled.crossorigin.couchdb:5984/dbname/')
- here is 405, what does that mean?

> CORS should not require authentication on preflight OPTIONS request
> -------------------------------------------------------------------
>                 Key: COUCHDB-2027
>                 URL:
>             Project: CouchDB
>          Issue Type: Bug
>          Components: HTTP Interface
>            Reporter: St├ęphane Alnet
> The discussion in points to an issue
whereby CouchDB is requiring authentication for preflight OPTIONS message where it shouldn't.

This message was sent by Atlassian JIRA

View raw message