couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Lehnardt <...@apache.org>
Subject Re: Admin party considered harmful
Date Tue, 19 Apr 2016 19:17:50 GMT

> On 19 Apr 2016, at 21:06, Alexander Shorin <kxepal@gmail.com> wrote:
> 
> On Tue, Apr 19, 2016 at 5:53 PM, Nolan Lawson <nolan@nolanlawson.com> wrote:
>> Thanks Jan, a setup wizard sounds awesome. Believe me, no one would be
>> happier than me to deprecate add-cors-to-couchdb! :)
> 
> What had happened with the story about enable CORS by default, btw?

trouble is with a wildcard Host header, CORS doesn’t allow any
user credentials (Authorization header etc.) to go over CORS.

So either we need Admin Party (noooo), or the end user has to
specify the hosts that are allowed to talk to CouchDB, so it’s
not really CORS-by-default.

Best
Jan
--



Mime
View raw message