How would you feel to rename "allows_credentials" to just "credentials"?
In the spec, it's "Access-Control-Allow-Credentials" (no 's' on 'allow'), and headers and methods use this same form, but in this patch the ini file does not use the long (imo) prefix "access-control-allow". I think to be consistent and terse it should just be "credentials" "origins" "headers" and "methods". On Wed, Oct 31, 2012 at 4:52 PM, Benoit Chesneau <[email protected]>wrote: > Hello all, > > So I finally committed my patch about CORS support following the current > W3C working draft [1]. This patch support simple and preflights requests > for a couchdb node. Configuration can also be done for a specific vhost. > > To enable CORS you need to set the option `cors_enable = true` (by default > cors is disable). All origins are matched by default. > > To configure defaults cors settings you need to create the [cors] section > in the ini file: > > [cors] > allows_credentials = false > ; List of origins separated by a comma > ;origins = > ; List of accepted headers separated by a comma > ; headers = > ; List of accepted methods > ; methods = > > allows credentials allows you to accept connections to protected dbs and > nodes. > > > To set the options for a vhosts you will need to create a section with the > vhost name prefixed by "cors:" . Ex for the vhost example.com: > > ; Configuration for a vhost > :[cors:example.com] > ; allows_credentials = false > ; List of origins separated by a comma > ;origins = > ; List of accepted headers separated by a comma > ; headers = > ; List of accepted methods > ; methods = > > Some tests have been added but we need to increase their number to be sure > to cover all the features presented here. > > Anyway please tests, and let me know. This feature is available in the > branch COUCHDB-431_cors: > > Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/0777262f > > Please test and let me know. > > - benoƮt > > > [1] http://www.w3.org/TR/cors/#preflight-request >
