incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nils Breunese <N.Breun...@vpro.nl>
Subject Re: CouchDB/App, XHR, and the JavaScript Same Origin Policy
Date Fri, 10 Dec 2010 09:51:11 GMT
I think it's more CouchApp-y to not think about separate server and client applications, but
just putting the app on the user's local CouchDB. You'd use CouchDB replication to synchronize
the big master CouchDB and the user's local instance. That way you'll never run into things
like same origin policy restrictions, etc.

Nils.

Op 10 dec 2010, om 02:05 heeft Florian Leitner het volgende geschreven:

> Hi everybody,
>
> I want to develop an app that essentially could run "out of CouchDB"
> itself, much like you can do via CouchApp. There will be two version
> of that app, one can be imagined as a "server", holding a huge
> (Couch)DB somewhere, the other as "client", which is locally installed
> by users and only holds the data they are interested in, inside their
> own local (Couch)DB. The interface to that client-CouchDB I would
> directly build using CouchApp. So far, this, I understand, should be
> exactly what you can do with CouchDB/App. Now here is the issue I
> have:
>
> First I want users to be able to POST to the server-CouchDB while
> browsing their client-CouchDB/App; That means, imagine you installed
> my client app with CouchDB, you will be looking at documents on
> localhost:5984/some_db. Now the user should be able to POST a document
> to the "server" that is on the domain "example.com:5984/another_db".
> Technically, this is made very tough because off the Same Domain
> Origin Policy if this POST were done via JavaScript XHR directly from
> the user's browser. Furthermore, the app I am working on should also
> allow them to gather data from other sites, and users will be able to
> download and store data from those other websites into their CouchDB,
> too - such as, let's say, adding a XML document from another server,
> say "example2.com/xml_rest_resource", to their "client" CouchDB.
> Again, doing this directly from the user's browser is prohibitive,
> because he is on "localhost:5984", while I want to GET from (and maybe
> even POST to) "example2.com".
>
> The only other option I see is dropping the whole CouchApp thing and
> creating a man-in-the-middle web server for the "client" part of my
> app that communicates with the user's browser and with his local
> CouchDB. But this is much like you put Rails or Django in between your
> DB and the browser, and feels verrry Unrelaxing... Yet, this
> "middleman" then can communicate with other webpages, post to other
> CouchDBs, etc, because it isn't locked down by this same origin policy
> stuff.
>
> However, if there were a way to create some sort of a XHR proxy
> "inside" CouchDB, all these issues would go away, too, because the
> users' browser would always only communicate with the "client"
> CouchDB, and it would then forward the XHR to other CouchDBs or other
> websites. Is this possible to do using CouchDB _only_ or do I really
> have to create a separate "web server" outside of CouchDB? Or am I
> completely missing something, anyways? I would really love to run this
> entire thing based on CouchDB only, because it allows you to use an
> existing CouchDB you have installed and makes updating/installing the
> application very simple via CouchDB's synchronization/replication
> capabilities.
>
> Thanks for any input, thoughts, or stratagems!
> Florian

------------------------------------------------------------------------
 VPRO
 phone:  +31(0)356712911
 e-mail: info@vpro.nl
 web:    www.vpro.nl
------------------------------------------------------------------------

Mime
View raw message