[
https://issues.apache.org/jira/browse/COUCHDB-2292?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nathan Korth updated COUCHDB-2292:
----------------------------------
Description:
I have configured my Couch instance to allow cross-origin requests from
localhost:8080 using the following snippet of local.ini:
{code}
[httpd]
enable_cors = true
[cors]
origins = http://localhost:8080
{code}
I also set up a simple rewrite:
{code}
{
"from": "/rewrite",
"to": "_view/my-view"
}
{code}
{code}
[httpd_global_handlers]
rewrite-base = {couch_httpd_proxy, handle_proxy_req,
<<"http://localhost:5984/my-db/_design/app/_rewrite";>>}
{code}
When I make requests for normal views, Couch sends the
Access-Control-Allow-Origin header as expected, and everything works. However,
when I request the rewrite (which does work outside of a browser), I get a
header that looks like this:
{code}
Access-Control-Allow-Origin: http://localhost:8080, http://localhost:8080
{code}
This causes Chrome to complain with the following error:
{code}
XMLHttpRequest cannot load http://my-couch-instance/rewrite-base/rewrite. The
'Access-Control-Allow-Origin' header contains multiple values
'http://localhost:8080, http://localhost:8080', but only one is allowed. Origin
'http://localhost:8080' is therefore not allowed access.
{code}
was:
I have configured my Couch instance to allow cross-origin requests from
localhost:8080 using the following snippet of local.ini:
{code}
[httpd]
enable_cors = true
[cors]
origins = http://localhost:8080
{code}
When I make requests for normal views, Couch sends the
Access-Control-Allow-Origin header as expected, and everything works. However,
I also have a simple rewrite that points to a view, and when I request the
rewrite (which does work outside of a browser), I get a header that looks like
this:
{code}
Access-Control-Allow-Origin: http://localhost:8080, http://localhost:8080
{code}
This causes Chrome to complain with the following error:
{code}
XMLHttpRequest cannot load http://my-couch-instance/rewrite-base/rewrite. The
'Access-Control-Allow-Origin' header contains multiple values
'http://localhost:8080, http://localhost:8080', but only one is allowed. Origin
'http://localhost:8080' is therefore not allowed access.
{code}
> Using rewrites results in duplicate CORS header
> -----------------------------------------------
>
> Key: COUCHDB-2292
> URL: https://issues.apache.org/jira/browse/COUCHDB-2292
> Project: CouchDB
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: HTTP Interface
> Reporter: Nathan Korth
>
> I have configured my Couch instance to allow cross-origin requests from
> localhost:8080 using the following snippet of local.ini:
> {code}
> [httpd]
> enable_cors = true
> [cors]
> origins = http://localhost:8080
> {code}
> I also set up a simple rewrite:
> {code}
> {
> "from": "/rewrite",
> "to": "_view/my-view"
> }
> {code}
> {code}
> [httpd_global_handlers]
> rewrite-base = {couch_httpd_proxy, handle_proxy_req,
> <<"http://localhost:5984/my-db/_design/app/_rewrite";>>}
> {code}
> When I make requests for normal views, Couch sends the
> Access-Control-Allow-Origin header as expected, and everything works.
> However, when I request the rewrite (which does work outside of a browser), I
> get a header that looks like this:
> {code}
> Access-Control-Allow-Origin: http://localhost:8080, http://localhost:8080
> {code}
> This causes Chrome to complain with the following error:
> {code}
> XMLHttpRequest cannot load http://my-couch-instance/rewrite-base/rewrite. The
> 'Access-Control-Allow-Origin' header contains multiple values
> 'http://localhost:8080, http://localhost:8080', but only one is allowed.
> Origin 'http://localhost:8080' is therefore not allowed access.
> {code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
