[
https://issues.apache.org/jira/browse/COUCHDB-1862?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13720707#comment-13720707
]
Dale Harvey commented on COUCHDB-1862:
--------------------------------------
In my head we want to allow 3 default configurations, off, world-readable,
world-writable, within this it means when the user wants to limit read or write
configuration within a restricted set of hosts they simply set world-readable /
world-writable then set origins
The note 'Note that credentials=true and origins=* are mutually exclusive.'
should not apply to couch, it retricts what the server can respond with to a
client, but not what a configuration can be (as far as I can tell this
restriction is actually broken anyway, '*' and with_credentials is working fine
for me)
I think this can simply be implemented as more sensible defaults hanging off
the current configuration options of
enable_cors=false => off
enable_cors=true => world-resable
enable_cors=true, credentials=true => world writable
This is mostly just changes to the defaults when these config items are set,
the Authorization and Cookie headers should be added when
with_credentials=true, and the origins should be * by default.
The user can explicitly set any of these options to restrict the defaults (this
currently works)
> Configuring CORS could be more intuitive
> ----------------------------------------
>
> Key: COUCHDB-1862
> URL: https://issues.apache.org/jira/browse/COUCHDB-1862
> Project: CouchDB
> Issue Type: Bug
> Components: HTTP Interface
> Reporter: Dale Harvey
>
> In general cors configuration is confusing, the original implementation of
> the couch config is sufficient but I think we should introduce more sensible
> defaults.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
