couchdb
couchdb copied to clipboard
apache
Cross Origin configuration not working
Description
I'm attempting to use CouchDB directly from a browser-based application. I have configured CORs as directed in the documentation, and via the Fauxton Administrative interface, verified it is enabled. However, when I run an XMLHttpRequest in Chrome, it fails with a denial saying that "Http did not return with status code 200".
When running an "OPTIONS" request with curl, it also fails with
{"error":"method_not_allowed","reason":"Only DELETE,GET,HEAD,POST allowed"}
Steps to Reproduce
Expected Behaviour
After configuring CORs configuration, OPTIONS request respond correctly with appropriate headers.
Your Environment
- CouchDB version used: 2.3
- Browser name and version: Chrome 80.0.3987.116
- Operating system and version: Fedora 31
Additional Context
Looks like a reprise of https://issues.apache.org/jira/browse/COUCHDB-2027 .
Is this a useful workaround for you?
My problem was solved by:
- adding headers= accept, authorization, content-type, origin into [cors] section of local.ini // the docs were not clear to me about this
- Adding an Authorization header in my AJAX request :
$.ajax({
type: "GET",
contentType: "application/json",
dataType: "json",
url: myUrl
beforeSend: setHeader,
error: function (error)
{ console.log(error); }
,
success: function (remoteAppInfo)
{ ... }
});
function setHeader(xhr)
{ console.log("setHeader"); xhr.setRequestHeader('Authorization',"Basic " + btoa("estanteuser:Dnbatfydnkwadm6f")); }
CORS Issue here too. Chrome Browser Version 113.0.5672.93 (Official Build) (64-bit)
Is it possible to configure CouchDB to respond to an HTTP OPTIONS request with a status 200 / response.ok true?
JavaScript Fetch API. CouchDB server fails "blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status."
I have tried using 127.0.0.1, localhost, a domain name, with and without https. Configuration below.
[chttpd]
enable_cors = true
[cors]
origins = *
credentials = true
methods = GET, POST, PUT, DELETE, OPTIONS, HEAD, TRACE, PATCH
headers = accept, authorization, content-type, origin, referer, cache-control, x-requested-with, X-Couch-Id, X-Couch-Rev
JavaScript fetch options:
{
"headers": {
"Content-Type": "application/json",
"method": "GET",
"credentials": "include",
"mode": "cors"
}
}
Does this help? https://stackoverflow.com/questions/30161843/cors-error-in-pouchdb-with-cors-enabled-in-couchdb#comments-30210932
No. I'm simply trying to do basic authentication to CouchDB.
After more testing, the CORS issue surfaces only when I add the 'credentials': 'include' header. ...?
Please check also: https://stackoverflow.com/questions/50914196/cors-requests-with-preflight-on-couchdb/50914749#50914749
I can't make a call to CouchDB with basic authentication whatsoever. I just tried adding the if-match to cors headers. Once you add credentials:include CORS fails. I'm going to try and sniff the HTTP from Fauxton to see what their requests look like.
Seems like a simple working example of a client-side HTTP fetch could be included in the documentation.
Maybe CouchDB is not supposed to respond directly to web browsers? 3 days on this and at some point I suppose I'll have to move on to another DB alltogether.
{
"headers": {
"Authorization": "Basic W29iamVjdCBIVE1MSW5wdXRFbGVtZW50XTpbb2JqZWN0IEhUTUxJbnB1dEVsZW1lbnRd",
"credentials": "include"
}
}