couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Perry (JIRA)" <>
Subject [jira] [Commented] (COUCHDB-2027) CORS should not require authentication on preflight OPTIONS request
Date Fri, 10 Oct 2014 18:50:34 GMT


Joshua Perry commented on COUCHDB-2027:

Having the same issue attempting to access a CouchDB instance directly from a browser javascript
application on Chrome.

OPTIONS /pdk-pslm/_design/update/_update/increment-serial/serialnumber HTTP/1.0
Connection: close
Access-Control-Request-Method: PUT
Origin: chrome-extension://cfdbmlalehifhmmfapedllllgjceddna
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/39.0.2171.13 Safari/537.36
Access-Control-Request-Headers: accept, authorization
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

HTTP/1.0 401 Unauthorized
Server: CouchDB/1.6.0 (Erlang OTP/17)
Date: Fri, 10 Oct 2014 18:46:03 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 78
Cache-Control: must-revalidate
Access-Control-Expose-Headers: Cache-Control, Content-Type, Server
Access-Control-Allow-Origin: chrome-extension://cfdbmlalehifhmmfapedllllgjceddna
Access-Control-Allow-Credentials: true

enable_cors = true

origins = *
credentials = true

> CORS should not require authentication on preflight OPTIONS request
> -------------------------------------------------------------------
>                 Key: COUCHDB-2027
>                 URL:
>             Project: CouchDB
>          Issue Type: Bug
>          Components: HTTP Interface
>            Reporter: St├ęphane Alnet
> The discussion in points to an issue
whereby CouchDB is requiring authentication for preflight OPTIONS message where it shouldn't.

This message was sent by Atlassian JIRA

View raw message