You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by Apache Wiki <wi...@apache.org> on 2012/11/02 13:59:26 UTC
[Couchdb Wiki] Update of "CORS" by DaveCottlehuber
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.
The "CORS" page has been changed by DaveCottlehuber:
http://wiki.apache.org/couchdb/CORS
Comment:
getting started on documenting it
New page:
<<Include(EditTheWiki)>>
WARNING!! This page is a temporary gathering spot for CORS documentation while the [[https://git-wip-us.apache.org/repos/asf?p=couchdb.git;a=shortlog;h=refs/heads/431-feature_cors|git branch]] is in development. It will get merged back into the cors branch when sufficiently clean, and will use the sphinx support being worked on in the [[https://git-wip-us.apache.org/repos/asf?p=couchdb.git;a=shortlog;h=refs/heads/docs|docs branch]].
<<TableOfContents(2)>>
= Introducing CORS =
By supporting CORS functionality, a CouchDB instance can accept direct connections to protected DBs and instances, without the browser functionality being blocked due to the same origin constraint. CORS is [[http://caniuse.com/cors|widely supported]] today on over 90% of browsers.
* dev list [[http://markmail.org/message/wzdge2nb3xkaqzlk|announcement]] from @benoitc
* JIRA [[https://issues.apache.org/jira/browse/COUCHDB-431]]
== CORS References ==
* [[http://www.w3.org/TR/cors/#preflight-request]]
* [[http://hacks.mozilla.org/2009/07/cross-site-xmlhttprequest-with-cors/]]
* [[https://developer.mozilla.org/En/HTTP_access_control]]
* [[https://developer.mozilla.org/En/Server-Side_Access_Control]]
== Client-side CORS support and usage ==
* [[http://caniuse.com/cors]]
* [[http://www.html5rocks.com/en/tutorials/cors/]]
* [[http://www.kendoui.com/blogs/teamblog/posts/11-10-03/using_cors_with_all_modern_browsers.aspx]]
= Features =
* simple requests for a couchdb instance
* preflight requests for a couchdb instance
* configuration for a specific CouchDB vhost
* all origins are matched by default
= Configuration =
== Enabling CORS ==
To enable CORS support, you need to set the option {{{enable_cors = true}}} in the {{{httpd}}} section of {{{local.ini}}}. Note that by default, all origins will be accepted.
== Tightening Access ==
To configure defaults cors settings you need to create the [cors] section in the local.ini file:
{{{
[cors]
credentials = false
;;; List of origins separated by a comma
; origins =
;;; List of accepted headers separated by a comma
; headers =
; List of accepted methods
; methods =
}}}
To set the options for a vhosts you will need to create a section with the vhost name prefixed by "cors:" . Ex for the vhost example.com:
{{{
; Configuration for a vhost
;[cors:example.com]
; credentials = false
; List of origins separated by a comma
;origins =
; List of accepted headers separated by a comma
; headers =
; List of accepted methods
; methods =
}}}