incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Florian Leitner <florian.leit...@gmail.com>
Subject CouchDB/App, XHR, and the JavaScript Same Origin Policy
Date Fri, 10 Dec 2010 01:05:24 GMT
Hi everybody,

I want to develop an app that essentially could run "out of CouchDB"
itself, much like you can do via CouchApp. There will be two version
of that app, one can be imagined as a "server", holding a huge
(Couch)DB somewhere, the other as "client", which is locally installed
by users and only holds the data they are interested in, inside their
own local (Couch)DB. The interface to that client-CouchDB I would
directly build using CouchApp. So far, this, I understand, should be
exactly what you can do with CouchDB/App. Now here is the issue I
have:

First I want users to be able to POST to the server-CouchDB while
browsing their client-CouchDB/App; That means, imagine you installed
my client app with CouchDB, you will be looking at documents on
localhost:5984/some_db. Now the user should be able to POST a document
to the "server" that is on the domain "example.com:5984/another_db".
Technically, this is made very tough because off the Same Domain
Origin Policy if this POST were done via JavaScript XHR directly from
the user's browser. Furthermore, the app I am working on should also
allow them to gather data from other sites, and users will be able to
download and store data from those other websites into their CouchDB,
too - such as, let's say, adding a XML document from another server,
say "example2.com/xml_rest_resource", to their "client" CouchDB.
Again, doing this directly from the user's browser is prohibitive,
because he is on "localhost:5984", while I want to GET from (and maybe
even POST to) "example2.com".

The only other option I see is dropping the whole CouchApp thing and
creating a man-in-the-middle web server for the "client" part of my
app that communicates with the user's browser and with his local
CouchDB. But this is much like you put Rails or Django in between your
DB and the browser, and feels verrry Unrelaxing... Yet, this
"middleman" then can communicate with other webpages, post to other
CouchDBs, etc, because it isn't locked down by this same origin policy
stuff.

However, if there were a way to create some sort of a XHR proxy
"inside" CouchDB, all these issues would go away, too, because the
users' browser would always only communicate with the "client"
CouchDB, and it would then forward the XHR to other CouchDBs or other
websites. Is this possible to do using CouchDB _only_ or do I really
have to create a separate "web server" outside of CouchDB? Or am I
completely missing something, anyways? I would really love to run this
entire thing based on CouchDB only, because it allows you to use an
existing CouchDB you have installed and makes updating/installing the
application very simple via CouchDB's synchronization/replication
capabilities.

Thanks for any input, thoughts, or stratagems!
Florian

Mime
View raw message