Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
Reply-To: user@couchdb.apache.org
Received-SPF: pass (athena.apache.org: domain of mikeal.rogers@gmail.com
 designates 209.85.216.180 as permitted sender)
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        b=S26rwLWuznoJbG3DEchazGQNfSkgDp86tUVq4LrTvOBEJji6Wb1R/UyesOMEg+wYlr
         /LjCm/5MEYNDkYejUkQAwKF4XMFxwg54JHESIpkl4xCLk+D6vpQiOehXMwmLtEvb7eyg
         oLN+2taUika2/yTLM5jipbd4/2FKIS6/OZ2Ds=
MIME-Version: 1.0
In-Reply-To: <1BB0D011-FEA7-41D6-88F9-1EDC9D3B009A@thisonejustforme.com>
References: <AANLkTikqkKU9aaVC1R2bx65_6VGT7H58_3BCxggcCfn9@mail.gmail.com>
	<AANLkTim35jkA_k9kawwSg673Wd2dXEkuSc7fr-iJKOr=@mail.gmail.com>
	<AANLkTikAi3jPZL+twbCuxioZpeHZ4NMVhHCHCyVRvqWR@mail.gmail.com>
	<367552.30084.qm@web58308.mail.re3.yahoo.com>
	<AANLkTimKCv0FP3=kc6Y0ZK9nAgBkyjbYr7Tp3u7k-aS_@mail.gmail.com>
	<7CE77B75-EED5-496A-B0E1-C0957660D3BD@thisonejustforme.com>
	<AANLkTinG_kXgK6ygwVu+5j4EsxBVBT5L3rpupzYfo9Jj@mail.gmail.com>
	<1BB0D011-FEA7-41D6-88F9-1EDC9D3B009A@thisonejustforme.com>
Date: Fri, 15 Oct 2010 17:22:38 -0700
Message-ID: <AANLkTinu8aOrH5CXtuMPoVTjtzu+L1wQ6diHUMtd5hOr@mail.gmail.com>
Subject: Re: JavaScript and CouchDB
From: Mikeal Rogers <mikeal.rogers@gmail.com>
To: user@couchdb.apache.org
Content-Type: multipart/alternative; boundary=00163630febdc3a8e60492b0f047

--00163630febdc3a8e60492b0f047
Content-Type: text/plain; charset=ISO-8859-1

You can't do cross domain POST without proper Access Control headers which
we don't support. I sent an email to the dev list recently about adding
support but it hasn't gone anywhere yet.

JSONP can be enabled for GET requests. Browser won't let you do POST or PUT.

-Mikeal

On Fri, Oct 15, 2010 at 5:11 PM, Tracy Flynn
<couchdb@thisonejustforme.com>wrote:

> Does 'disable by default' mean it's disabled in the default configuration
> but could be turned on if the configuration/compilation option is known? Or
> that it's simply not available?
>
> If it's truly disabled, then the only solution I can see is to introduce a
> proxy that allows a JSON Post (with appropriate security) and then turn
> around and do the appropriate operations on CouchDB using permitted HTTP
> operations.
>
> I'm thinking my way around an associated issue. Some of the feeds I'm
> supporting with CouchDB are paid, some are public. The only way I've so far
> figured out to protect the 'for pay' feeds and provide metering is to
> introduce a proxy in front of CouchDB to perform those functions.
>
>
> On Oct 15, 2010, at 8:01 PM, Mikeal Rogers wrote:
>
> > This is standardized as JSONP which we disable by default because of
> > security implications. This only works for GET, doesn't work for PUT.
> >
> > On Fri, Oct 15, 2010 at 4:58 PM, Tracy Flynn
> > <couchdb@thisonejustforme.com>wrote:
> >
> >> Fabio
> >>
> >> You might consider the work-around offered by jQuery 1.4.x to the
> >> same-origin problem.
> >>
> >> In a nutshell, they package all Ajax-like requests as a request for a
> >> resource - think image or javascript file - which does NOT have the
> >> limitations of the same-origin policy - and then 'unpack' the result and
> >> make it available to the client as if the 'Ajax-like' request had been
> >> issued directly.
> >>
> >>
> >> A fragment like the following does the trick
> >>
> >>
> >> <html>
> >>
> >> <head>
> >>   <title>JSON Call Test Page</title>
> >>   <script type="text/javascript" src="
> >> http://localhost:8080/javascripts/jquery-1.4.2.min.js"></script>
> >>   <script type="text/javascript" src="
> >> http://localhost:8080/javascripts/json2.min.js"></script>
> >> </head>
> >> <body>
> >>
> >> <script type="text/javascript">
> >>    $(document).ready(function() {
> >>        $.getJSON("http://localhost:8080/some.js" ,
> >>            function(json){
> >>
>  $("#somelement").html(json.some_variable_containing_html);
> >>                $("#somelement").show();
> >>            }
> >>        )
> >>    });
> >>
> >> </script>
> >> </body>
> >> </html>
> >>
> >>
> >> The call that services the 'some.js' request just needs to return
> whatever
> >> JSON data you want the call to return. Since it's requesting a resource,
> and
> >> not really making an Ajax call - all is well.
> >>
> >> If HTML isn't what you want, you could pass back Javascript embedded in
> a
> >> JSON structure, and then evaluate the result. I've done that
> successfully
> >> too.
> >>
> >> Works like a charm where I've used the facility.
> >>
> >> Tracy
> >>
> >>
> >> On Oct 15, 2010, at 2:41 PM, Paul Davis wrote:
> >>
> >>> You'll need to read up on the Same Origin Policy:
> >>>
> >>> http://en.wikipedia.org/wiki/Same_origin_policy
> >>>
> >>>
> >>> On Fri, Oct 15, 2010 at 2:34 PM, Fabio Batalha C Santos Santos
> >>> <fabiobcs@yahoo.com.br> wrote:
> >>>> Hello everybody,
> >>>>
> >>>> I'm newby in couchDB.
> >>>>
> >>>>
> >>>> I'm trying to develop a "Google Analytics" like applications storing
> >> access log
> >>>> metadata in a CouchDB database. Take a look at
> >>>>
> http://github.com/fabiobatalha/Analytics---CouchDB/tree/master/logger/
> >>>>
> >>>> The idea is:
> >>>>
> >>>> Create a logger JavaScript that will be responsible to register all
> >> accesslog
> >>>> metadata in a CouchDB database. It works like the ga.js Google
> Anaytics.
> >> In the
> >>>> bottom of each page will hava a call to a JavaScript function that
> will
> >> make use
> >>>> of couch.js functions to register logaccess metadata in CouchDB
> >>>>
> >>>> The problem:
> >>>>
> >>>> I'm trying to make use of the couch.js script but the couch.js on
> works
> >> if the
> >>>> request is made from the same host and port were the CouchDB is
> >> installed.
> >>>> Instead of it, my application is in a different host. How can I
> >> configure the
> >>>> connection to the couchDB using the couch.js
> >>>>
> >>>>
> >>>> Thanks in advance.
> >>>> Fabio Batalha
> >>>>
> >>>>
> >>>>
> >>>>
> >>
> >>
>
>

--00163630febdc3a8e60492b0f047--