couchdb-dev mailing list archives

From Alexander Shorin <kxe...@gmail.com>
Subject Re: Admin party considered harmful
Date Tue, 19 Apr 2016 19:36:36 GMT
On Tue, Apr 19, 2016 at 10:17 PM, Jan Lehnardt <jan@apache.org> wrote:
>> On 19 Apr 2016, at 21:06, Alexander Shorin <kxepal@gmail.com> wrote:
>>
>> On Tue, Apr 19, 2016 at 5:53 PM, Nolan Lawson <nolan@nolanlawson.com> wrote:
>>> Thanks Jan, a setup wizard sounds awesome. Believe me, no one would be
>>> happier than me to deprecate add-cors-to-couchdb! :)
>>
>> What happened with the story about enabling CORS by default, btw?
>
> Trouble is, with a wildcard Host header, CORS doesn’t allow any
> user credentials (Authorization header etc.) to go over CORS.
>
> So either we need Admin Party (noooo), or the end user has to
> specify the hosts that are allowed to talk to CouchDB, so it’s
> not really CORS-by-default.

Aha, I see. Thanks for the explanation!

--
,,,^..^,,,
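
The constraint raised in the quoted reply, as an added example that is not part of the original message or of CouchDB's code: a browser applying the Fetch standard's CORS check rejects a credentialed response whose `Access-Control-Allow-Origin` is `*`, so the server needs an explicit origin list. The function names and the sample origins are hypothetical and constructed for illustration.

```javascript
'use strict';

// Server side: build CORS response headers for one request.
// `allowed` is either '*' or an array of exact origins (hypothetical config shape).
function corsHeaders(allowed, requestOrigin, withCredentials) {
  if (allowed === '*') {
    // Wildcard mode: adding Allow-Credentials here would not help,
    // because browsers refuse the wildcard for credentialed requests.
    return { 'Access-Control-Allow-Origin': '*' };
  }
  if (!allowed.includes(requestOrigin)) return {}; // origin not listed: no CORS headers
  const headers = {
    'Access-Control-Allow-Origin': requestOrigin, // echo the exact origin
    'Vary': 'Origin',                             // caches must key on Origin
  };
  if (withCredentials) headers['Access-Control-Allow-Credentials'] = 'true';
  return headers;
}

// Browser side: simplified form of the CORS check in the Fetch standard.
function browserAccepts(headers, requestOrigin, credentialed) {
  const acao = headers['Access-Control-Allow-Origin'];
  if (acao === undefined) return false;
  if (!credentialed) return acao === '*' || acao === requestOrigin;
  // Credentialed request: exact origin match plus Allow-Credentials: true.
  return acao === requestOrigin &&
         headers['Access-Control-Allow-Credentials'] === 'true';
}

// Constructed sample origins.
const APP = 'https://app.example.com';
const OTHER = 'https://other.example.net';

function demo() {
  return {
    // CORS "by default" with a wildcard works only without credentials.
    wildcardAnonymous: browserAccepts(corsHeaders('*', APP, false), APP, false),
    wildcardCredentialed: browserAccepts(corsHeaders('*', APP, true), APP, true),
    // Explicit origin list: credentialed access works for listed origins only.
    listedCredentialed: browserAccepts(corsHeaders([APP], APP, true), APP, true),
    unlistedCredentialed: browserAccepts(corsHeaders([APP], OTHER, true), OTHER, true),
  };
}

console.log(demo());
```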
