You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@couchdb.apache.org by "Michael Phan-Ba (JIRA)" <ji...@apache.org> on 2015/02/04 19:08:35 UTC
[jira] [Commented] (COUCHDB-2027) CORS should not require
authentication on preflight OPTIONS request
[ https://issues.apache.org/jira/browse/COUCHDB-2027?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14305634#comment-14305634 ]
Michael Phan-Ba commented on COUCHDB-2027:
------------------------------------------
I have also run into this issue. CouchDB appears to disallow the Authorization header by default.
As of writing, the Authorization header has not been added to the CORS handler:
https://github.com/apache/couchdb-couch/blob/master/src/couch_httpd_cors.erl
For more details:
https://github.com/mikepb/clerk/issues/5
> CORS should not require authentication on preflight OPTIONS request
> -------------------------------------------------------------------
>
> Key: COUCHDB-2027
> URL: https://issues.apache.org/jira/browse/COUCHDB-2027
> Project: CouchDB
> Issue Type: Bug
> Components: HTTP Interface
> Reporter: Stéphane Alnet
>
> The discussion in https://github.com/daleharvey/pouchdb/issues/1003 points to an issue whereby CouchDB is requiring authentication for preflight OPTIONS message where it shouldn't.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)