When I send a curl request to couchDB with the authorization everything works OK
here is the log user@DESKTOP-B5AORRT:/mnt/c/WINDOWS/system32$ curl -v -H "Origin: http://localhost:8084" -H "X-Auth-CouchDB-Roles: users" -H "X-Auth-CouchDB-UserName: 20210907233149" -H "X-Auth-CouchDB-Token: 92f4b91f6854441926ef94a2312f4dc0b75206d2" "http://localhost:5984/_session" * Expire in 0 ms for 6 (transfer 0x7fffdcc4bfb0) * Expire in 1 ms for 1 (transfer 0x7fffdcc4bfb0) * Expire in 0 ms for 1 (transfer 0x7fffdcc4bfb0) * Expire in 2 ms for 1 (transfer 0x7fffdcc4bfb0) * Expire in 1 ms for 1 (transfer 0x7fffdcc4bfb0) * Expire in 2 ms for 1 (transfer 0x7fffdcc4bfb0) * Expire in 3 ms for 1 (transfer 0x7fffdcc4bfb0) * Trying 127.0.0.1... * TCP_NODELAY set * Expire in 200 ms for 4 (transfer 0x7fffdcc4bfb0) * Connected to localhost (127.0.0.1) port 5984 (#0) > GET /_session HTTP/1.1 > Host: localhost:5984 > User-Agent: curl/7.64.0 > Accept: */* > Origin: http://localhost:8084 > X-Auth-CouchDB-Roles: users > X-Auth-CouchDB-UserName: 20210907233149 > X-Auth-CouchDB-Token: 92f4b91f6854441926ef94a2312f4dc0b75206d2 > < HTTP/1.1 200 OK < Access-Control-Allow-Credentials: true < Access-Control-Allow-Origin: http://localhost:8084 < Access-Control-Expose-Headers: content-type, cache-control, accept-ranges, etag, server, x-couch-request-id, x-couch-update-newrev, x-couchdb-body-time < Cache-Control: must-revalidate < Content-Length: 154 < Content-Type: application/json < Date: Tue, 07 Sep 2021 20:56:08 GMT < Server: CouchDB/3.1.1 (Erlang OTP/20) < {"ok":true,"userCtx":{"name":"20210907233149","roles":["users"]},"info":{"authentication_handlers":["cookie","proxy","default"],"authenticated":"proxy"}} * Connection #0 to host localhost left intact but when I'm doing request from browser with fetch let headers = new Headers(); headers.append('X-Auth-CouchDB-Roles', 'users'); headers.append('X-Auth-CouchDB-UserName', '20210907233149'); headers.append('X-Auth-CouchDB-Token', '92f4b91f6854441926ef94a2312f4dc0b75206d2'); fetch('http://localhost:5984/_session', { headers }) .then(response => response.blob()) .then(blobby => { console.log(blobby); }); it fails with error: Access to fetch at 'http://localhost:5984/_session' from origin ' http://localhost:8084' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status. tried both with credentials: 'include' and without. no luck Is it possible to disable preflight's request authorization check in couchDB?