On Tue, Apr 19, 2016 at 10:17 PM, Jan Lehnardt <[email protected]> wrote:
>> On 19 Apr 2016, at 21:06, Alexander Shorin <[email protected]> wrote:
>>
>> On Tue, Apr 19, 2016 at 5:53 PM, Nolan Lawson <[email protected]> wrote:
>>> Thanks Jan, a setup wizard sounds awesome. Believe me, no one would be
>>> happier than me to deprecate add-cors-to-couchdb! :)
>>
>> What had happened with the story about enable CORS by default, btw?
>
> trouble is with a wildcard Host header, CORS doesn’t allow any
> user credentials (Authorization header etc.) to go over CORS.
>
> So either we need Admin Party (noooo), or the end user has to
> specify the hosts that are allowed to talk to CouchDB, so it’s
> not really CORS-by-default.

Aha, I see. Thanks for explanation!

--
,,,^..^,,,

Reply via email to