You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@couchdb.apache.org by "Sasha Simkin (JIRA)" <ji...@apache.org> on 2014/04/05 05:12:15 UTC
[jira] [Commented] (COUCHDB-2027) CORS should not require
authentication on preflight OPTIONS request
[ https://issues.apache.org/jira/browse/COUCHDB-2027?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13960942#comment-13960942 ]
Sasha Simkin commented on COUCHDB-2027:
---------------------------------------
Had the same issue.
My couchdb settings for CORS is:
[cors]
credentials = true(Tried false - nothing happens)
headers = accept, authorization, content-type, origin
origins = *
Also tried to set
method = OPTIONS,GET,POST,PUT,DELETE,HEAD
But there to nothing happens.
Admin party is off. Responce from curl from console:
curl --user usernaem:password -X OPTIONS http://localhost:5984/db_name
curl -X OPTIONS http://localhost:5984/db_name
{"error":"method_not_allowed","reason":"Only DELETE,GET,HEAD,POST allowed"}(Both requests above)
Because browser tries set OPTIONS first - he got 405 and stops further processing.
Couchdb version is 1.5.0.
Solution from comment above doesnt works :(
P.s:
var xhr = new XMLHttpRequest();
xhr.open("GET", "http://cors.enabled.crossorigin.couchdb:5984/dbname/");
xhr.setRequestHeader("Authorization","Basic "+btoa("username:password"));
xhr.send();
This works(And return without `Allow` header), but when i write $.get('http://cors.enabled.crossorigin.couchdb:5984/dbname/') - here is 405, what does that mean?
> CORS should not require authentication on preflight OPTIONS request
> -------------------------------------------------------------------
>
> Key: COUCHDB-2027
> URL: https://issues.apache.org/jira/browse/COUCHDB-2027
> Project: CouchDB
> Issue Type: Bug
> Components: HTTP Interface
> Reporter: Stéphane Alnet
>
> The discussion in https://github.com/daleharvey/pouchdb/issues/1003 points to an issue whereby CouchDB is requiring authentication for preflight OPTIONS message where it shouldn't.
--
This message was sent by Atlassian JIRA
(v6.2#6252)