couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nathan Korth (JIRA)" <>
Subject [jira] [Created] (COUCHDB-2292) Using rewrites results in duplicate CORS header
Date Fri, 15 Aug 2014 16:35:18 GMT
Nathan Korth created COUCHDB-2292:

             Summary: Using rewrites results in duplicate CORS header
                 Key: COUCHDB-2292
             Project: CouchDB
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: HTTP Interface
            Reporter: Nathan Korth

I have configured my Couch instance to allow cross-origin requests from localhost:8080 using
the following snippet of local.ini:

enable_cors = true

origins = http://localhost:8080

When I make requests for normal views, Couch sends the Access-Control-Allow-Origin header
as expected, and everything works. However, I also have a simple rewrite that points to a
view, and when I request the rewrite (which does work outside of a browser), I get a header
that looks like this:

Access-Control-Allow-Origin: http://localhost:8080, http://localhost:8080

This causes Chrome to complain with the following error:

XMLHttpRequest cannot load http://my-couch-instance/rewrite-base/rewrite. The 'Access-Control-Allow-Origin'
header contains multiple values 'http://localhost:8080, http://localhost:8080', but only one
is allowed. Origin 'http://localhost:8080' is therefore not allowed access.

This message was sent by Atlassian JIRA

View raw message