[
https://issues.apache.org/jira/browse/COUCHDB-2027?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13899526#comment-13899526
]
Brad Rhoads commented on COUCHDB-2027:
--------------------------------------
I'm not sure if this the same problem or not. But when I do cors request, I get
method_not_allowed. I have explicitly specified OPTIONS for the cors methods,
but this seems to be the basic http methods.
Example:
curl 'https://bdrhoa:[email protected]/estante/appinfo' -X OPTIONS -H
'Access-Control-Request-Method: GET' -H 'Origin: http://localhost:5984' -H
'Accept-Encoding: gzip,deflate,sdch' -H 'Accept-Language: en-US,en;q=0.8' -H
'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36' -H 'Accept: */*' -H
'Referer: http://localhost:5984/estante20140211/_design/library/about.html' -H
'Connection: keep-alive' -H 'DNT: 1' -H 'Access-Control-Request-Headers:
access-control-allow-origin, accept, authorization, content-type' --compressed
{"error":"method_not_allowed","reason":"Only DELETE,GET,HEAD,POST,PUT,COPY
allowed"}
Also, my "local" server is coucdb 1.2 and I'm the "remote" server is 1.5. It's
only on 1.5 server where the cors needs to be configured, right? The "local"
server could be anything, I just happen to be using a couchapp.
So, is the same bug, a different bug, or am I doing something wrong?
> CORS should not require authentication on preflight OPTIONS request
> -------------------------------------------------------------------
>
> Key: COUCHDB-2027
> URL: https://issues.apache.org/jira/browse/COUCHDB-2027
> Project: CouchDB
> Issue Type: Bug
> Components: HTTP Interface
> Reporter: Stéphane Alnet
>
> The discussion in https://github.com/daleharvey/pouchdb/issues/1003 points to
> an issue whereby CouchDB is requiring authentication for preflight OPTIONS
> message where it shouldn't.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
