couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sasha Simkin (JIRA)" <>
Subject [jira] [Commented] (COUCHDB-2027) CORS should not require authentication on preflight OPTIONS request
Date Sat, 05 Apr 2014 13:21:15 GMT


Sasha Simkin commented on COUCHDB-2027:

j ermouth, require_valid_user already false.
As i say this request with right credentials works properly:
var xhr = new XMLHttpRequest();"GET", "http://cors.enabled.crossorigin.couchdb:5984/dbname/");
xhr.setRequestHeader("Authorization","Basic "+btoa("username:password"));
This request works with any issues too:
var xhr = new XMLHttpRequest();"GET", "http://cors.enabled.crossorigin.couchdb:5984/dbname/");

But when I try do such requests with jQuery - there is 405. Eg. (Request comes from http://localhost:3000
which present in [cors] origins)
Request URL:https://cors.enabled.crossorigin.couchdb/dbname/
Request Method:OPTIONS
Status Code:405 Method Not Allowed
Request Headersview parsed
OPTIONS /dbname/ HTTP/1.1
Host: cors.enabled.crossorigin.couchdb
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Access-Control-Request-Method: GET
Origin: http://localhost:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.149
Access-Control-Request-Headers: accept, x-csrf-token
Accept: */*
DNT: 1
Referer: http://localhost:3000/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Here is response from server(CouchDb behind nginx, but such behaviour if not):
HTTP/1.1 405 Method Not Allowed
Server: nginx/1.4.7
Date: Sat, 05 Apr 2014 13:09:50 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 76
Connection: keep-alive
Cache-Control: must-revalidate
Access-Control-Expose-Headers: Content-Type, Server, Allow
Access-Control-Allow-Origin: http://localhost:3000
Access-Control-Allow-Credentials: true
Such behaviour if I send OPTIONS request from curl with or without credentials.

> CORS should not require authentication on preflight OPTIONS request
> -------------------------------------------------------------------
>                 Key: COUCHDB-2027
>                 URL:
>             Project: CouchDB
>          Issue Type: Bug
>          Components: HTTP Interface
>            Reporter: St├ęphane Alnet
> The discussion in points to an issue
whereby CouchDB is requiring authentication for preflight OPTIONS message where it shouldn't.

This message was sent by Atlassian JIRA

View raw message