On Tue, Apr 19, 2016 at 10:17 PM, Jan Lehnardt <[email protected]> wrote: >> On 19 Apr 2016, at 21:06, Alexander Shorin <[email protected]> wrote: >> >> On Tue, Apr 19, 2016 at 5:53 PM, Nolan Lawson <[email protected]> wrote: >>> Thanks Jan, a setup wizard sounds awesome. Believe me, no one would be >>> happier than me to deprecate add-cors-to-couchdb! :) >> >> What had happened with the story about enable CORS by default, btw? > > trouble is with a wildcard Host header, CORS doesn’t allow any > user credentials (Authorization header etc.) to go over CORS. > > So either we need Admin Party (noooo), or the end user has to > specify the hosts that are allowed to talk to CouchDB, so it’s > not really CORS-by-default.
Aha, I see. Thanks for explanation! -- ,,,^..^,,,
