AyanamiSan edited a comment on issue #3074:
URL: https://github.com/apache/couchdb/issues/3074#issuecomment-673455225

Seems my curl request was missing the 'Origin' header, here are corrected versions (the spaces after parameters are optional and do not change the result)

```
frater260@frater260 ~ 21:16:10$ curl -i -X OPTIONS -H 'Origin: http://10.23.5.1' -H 'Content-Type: application/json' -d '{"name":"a","password":"a"}' 10.7.7.31:5984/_session
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://10.23.5.1
Access-Control-Expose-Headers: content-type, cache-control, accept-ranges, etag, server, x-couch-request-id, x-couch-update-newrev, x-couchdb-body-time
Cache-Control: must-revalidate
Connection: close
Content-Length: 61
Content-Type: application/json
Date: Thu, 13 Aug 2020 12:16:22 GMT
Server: CouchDB/3.1.0 (Erlang OTP/22)
X-Couch-Request-ID: 6b1c31e832
X-CouchDB-Body-Time: 0
X-Frame-Options: DENY

{"error":"unauthorized","reason":"Authentication required."}
```

```
frater260@frater260 ~ 21:13:54$ curl -i -H 'Origin: http://10.23.5.1' -H 'Content-Type: application/json' -d '{"name":"a","password":"a"}' 10.7.7.31:5984/_session
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://10.23.5.1
Access-Control-Expose-Headers: content-type, cache-control, accept-ranges, etag, server, x-couch-request-id, x-couch-update-newrev, x-couchdb-body-time
Cache-Control: must-revalidate
Content-Length: 34
Content-Type: application/json
Date: Thu, 13 Aug 2020 12:16:09 GMT
Server: CouchDB/3.1.0 (Erlang OTP/22)
Set-Cookie: AuthSession=YTo1RjM1MkYwQTofhP6AIyBfKaDYe0v5_VK3b8zrUQ; Version=1; Expires=Fri, 14-Aug-2020 12:16:10 GMT; Max-Age=86400; Path=/; HttpOnly; SameSite=Strict
X-Frame-Options: DENY

{"ok":true,"name":"a","roles":[]}
```

I think my problem is that the OPTIONS request returns a 4XX response instead of the expected 2XX. I will need to do some more testing to check if that's the problem, and if/how I can fix that problem on my side.
(I also see that OPTIONS returns a 405 status code for requests with a cookie - I would expect it to send 204 No Content, but it seems in some settings or with some browsers it works correctly regardless of the response status)

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
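
The check a browser applies to a preflight reply, sketched as an added example (not part of the original comment and not CouchDB code), run against the status line and CORS headers of the OPTIONS reply quoted above. `parseResponse` and `preflightPasses` are hypothetical names, and the real algorithm's `Access-Control-Allow-Methods` / `Access-Control-Allow-Headers` comparisons are left out.

```javascript
// Added example: simplified model of a browser's CORS preflight check.
// parseResponse/preflightPasses are hypothetical names, not CouchDB code.
function parseResponse(raw) {
  const lines = raw.split(/\r?\n\r?\n/)[0].split(/\r?\n/);
  const m = /^HTTP\/\d(?:\.\d)?\s+(\d{3})/.exec(lines[0]);
  if (!m) throw new Error("not an HTTP response");
  const headers = {};
  for (const line of lines.slice(1)) {
    const i = line.indexOf(":");
    // Header names are case-insensitive, so store them lower-cased.
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { status: Number(m[1]), headers };
}

function preflightPasses(raw, origin, withCredentials) {
  const { status, headers } = parseResponse(raw);
  const reasons = [];
  // A preflight reply must carry an "ok" (2xx) status.
  if (status < 200 || status > 299) reasons.push(`status ${status} is not 2xx`);
  const acao = headers["access-control-allow-origin"];
  if (acao === undefined) reasons.push("Access-Control-Allow-Origin missing");
  else if (acao === "*" && withCredentials) reasons.push("wildcard origin not allowed with credentials");
  else if (acao !== "*" && acao !== origin) reasons.push("Access-Control-Allow-Origin does not match");
  if (withCredentials && headers["access-control-allow-credentials"] !== "true")
    reasons.push("Access-Control-Allow-Credentials is not true");
  return { ok: reasons.length === 0, reasons };
}

// Constructed inputs: status line and CORS headers abridged from the OPTIONS
// reply quoted above, and a hypothetical 204 reply with the same headers.
const cors = [
  "Access-Control-Allow-Credentials: true",
  "Access-Control-Allow-Origin: http://10.23.5.1",
];
const observed = ["HTTP/1.1 401 Unauthorized", ...cors, "", "{}"].join("\r\n");
const hypothetical = ["HTTP/1.1 204 No Content", ...cors, "", ""].join("\r\n");

console.log(preflightPasses(observed, "http://10.23.5.1", true));
console.log(preflightPasses(hypothetical, "http://10.23.5.1", true));
```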