Return-Path: Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: (qmail 97175 invoked from network); 10 Dec 2010 15:46:37 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 10 Dec 2010 15:46:37 -0000 Received: (qmail 39030 invoked by uid 500); 10 Dec 2010 15:46:35 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 38798 invoked by uid 500); 10 Dec 2010 15:46:35 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 38790 invoked by uid 99); 10 Dec 2010 15:46:34 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 10 Dec 2010 15:46:34 +0000 X-ASF-Spam-Status: No, hits=4.8 required=10.0 tests=FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL,T_URIBL_BLACK_OVERLAP,URIBL_BLACK,URIBL_JP_SURBL X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of florian.leitner@gmail.com designates 209.85.214.177 as permitted sender) Received: from [209.85.214.177] (HELO mail-iw0-f177.google.com) (209.85.214.177) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 10 Dec 2010 15:46:28 +0000 Received: by iwn38 with SMTP id 38so5825034iwn.8 for ; Fri, 10 Dec 2010 07:46:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:mime-version:received:in-reply-to :references:from:date:message-id:subject:to:content-type :content-transfer-encoding; bh=ZUOQH6Qd+/URAoQ9ewTKSwNqf6rwK2NW7NC1cnsY7jY=; b=p/Fl8xxt8asi3IXZ0il1d0PWTEg6Tt3vZYhLht0ITwobrWd77A+HSosYwKbu9oDD7t johTQyUSkLcn9Yz4tRSZCvo115fh+GFXfzfjnH4O/KgyIDPdpBPc+/yc7Y6LiC/slNHm 1VIgl6mBAc/brphlL4xiTJSZnnyJrmBGEZo7w= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type:content-transfer-encoding; b=h6ZYSpRG14pon0fA3Ib/xZhCKZB3Zp4BgVdqM5tVyo0qtT4yC1NNPRlJW5Bxy8Y/U+ 3c5p8f4J4kCf+59qlp0Y8rs59wWBHCD+M0w6rpH+lkm1izMRomL0Cje9C5TiQ6WGm3fB nCh18t/TjhCWfZqXCHcqXAkPQLHPLczqfQe9w= Received: by 10.231.30.71 with SMTP id t7mr547479ibc.153.1291995966819; Fri, 10 Dec 2010 07:46:06 -0800 (PST) MIME-Version: 1.0 Received: by 10.231.25.138 with HTTP; Fri, 10 Dec 2010 07:45:46 -0800 (PST) In-Reply-To: References: From: Florian Leitner Date: Fri, 10 Dec 2010 16:45:46 +0100 Message-ID: Subject: Re: CouchDB/App, XHR, and the JavaScript Same Origin Policy To: user@couchdb.apache.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org Hi Nils, Thanks for your suggestion! However, I am completely aware of the fact that you can do replication and synchronization in CouchDB. Maybe I did not explain myself sufficiently: What I need to do is find a way to make CORS (Cross-Origin Resource Sharing) requests to websites that do not actually implement CORS (i.e., provide the CORS headers you have to add to your server responses) via an application that uses CouchDB as its permanent storage. By "coincidence", those requests could be sent to sites could even be sites running CouchDB and even my application, but that do not actually share any data. The only way to do that seems to use some "man-in-the-middle" webserver solution, or if CouchDB would provide some means to create a XHR (XmlHttpRequest) proxy, so you can work around that Single Origin Policy problem. So, if it were a "man-in-the-middle" solution by adding a web server (which seems the only way to go so far), it should be as flexible as CouchDB and at the very least run on all three main desktop platfoms: Linux, Apple, and Windoze. The current solutions I have found so far not really work out: LivelyCouch & node.js does not work on Windoze (bummer, but I can understand the guys...). XULRunner/XULjet only works for desktop apps, so I realized it doesn't really solve my issue either, because you would have to create two interfaces: one for the server part based - for example - via LivelyCouch, and one for XULRunner/XULjet to make a desktop app that can run on many different platforms. This is the closest I currently got to a solution, but it isn't optimal, because I will have to maintain two interface libraries... Regards, Florian On 10 December 2010 10:51, Nils Breunese wrote: > I think it's more CouchApp-y to not think about separate server and clien= t applications, but just putting the app on the user's local CouchDB. You'd= use CouchDB replication to synchronize the big master CouchDB and the user= 's local instance. That way you'll never run into things like same origin p= olicy restrictions, etc. > > Nils. > > Op 10 dec 2010, om 02:05 heeft Florian Leitner het volgende geschreven: > >> Hi everybody, >> >> I want to develop an app that essentially could run "out of CouchDB" >> itself, much like you can do via CouchApp. There will be two version >> of that app, one can be imagined as a "server", holding a huge >> (Couch)DB somewhere, the other as "client", which is locally installed >> by users and only holds the data they are interested in, inside their >> own local (Couch)DB. The interface to that client-CouchDB I would >> directly build using CouchApp. So far, this, I understand, should be >> exactly what you can do with CouchDB/App. Now here is the issue I >> have: >> >> First I want users to be able to POST to the server-CouchDB while >> browsing their client-CouchDB/App; That means, imagine you installed >> my client app with CouchDB, you will be looking at documents on >> localhost:5984/some_db. Now the user should be able to POST a document >> to the "server" that is on the domain "example.com:5984/another_db". >> Technically, this is made very tough because off the Same Domain >> Origin Policy if this POST were done via JavaScript XHR directly from >> the user's browser. Furthermore, the app I am working on should also >> allow them to gather data from other sites, and users will be able to >> download and store data from those other websites into their CouchDB, >> too - such as, let's say, adding a XML document from another server, >> say "example2.com/xml_rest_resource", to their "client" CouchDB. >> Again, doing this directly from the user's browser is prohibitive, >> because he is on "localhost:5984", while I want to GET from (and maybe >> even POST to) "example2.com". >> >> The only other option I see is dropping the whole CouchApp thing and >> creating a man-in-the-middle web server for the "client" part of my >> app that communicates with the user's browser and with his local >> CouchDB. But this is much like you put Rails or Django in between your >> DB and the browser, and feels verrry Unrelaxing... Yet, this >> "middleman" then can communicate with other webpages, post to other >> CouchDBs, etc, because it isn't locked down by this same origin policy >> stuff. >> >> However, if there were a way to create some sort of a XHR proxy >> "inside" CouchDB, all these issues would go away, too, because the >> users' browser would always only communicate with the "client" >> CouchDB, and it would then forward the XHR to other CouchDBs or other >> websites. Is this possible to do using CouchDB _only_ or do I really >> have to create a separate "web server" outside of CouchDB? Or am I >> completely missing something, anyways? I would really love to run this >> entire thing based on CouchDB only, because it allows you to use an >> existing CouchDB you have installed and makes updating/installing the >> application very simple via CouchDB's synchronization/replication >> capabilities. >> >> Thanks for any input, thoughts, or stratagems! >> Florian > > ------------------------------------------------------------------------ > =C2=A0VPRO > =C2=A0phone: =C2=A0+31(0)356712911 > =C2=A0e-mail: info@vpro.nl > =C2=A0web: =C2=A0 =C2=A0www.vpro.nl > ------------------------------------------------------------------------ >