CouchDB + HTTPS + CORS

Tue, 15 Sep 2015 07:47:45 -0700 

Hi All,
I am trying to setup CouchDB with HTTPS support and CORS. Having read the docs, I set up the couch configuration as follows: 

➜  curl -X GET https://example.com:6984/_config/cors

{"credentials":"true","origins":"https://example.com","methods":"GET, 
PUT, POST, HEAD, DELETE, OPTIONS","headers":"accept, authorization, 
content-type, origin, referer, x-csrf-token, 
access-control-request-method, access-control-request-headers, 
x-requested-with"}


This looks ok. And options requests with CURL work too:


/➜  curl -i -X OPTIONS -H 'Origin: https://example.com' -H 
'Access-Control-Request-Method: POST' https://example.com:6984/templates//

//HTTP/1.1 204 No Content//
//Server: CouchDB/1.6.1 (Erlang OTP/R16B03)//
//Date: Tue, 15 Sep 2015 14:21:18 GMT//
//Content-Length: 0//
//Access-Control-Max-Age: 12345//
//Access-Control-Allow-Origin: https://example.com//
//Access-Control-Allow-Methods: GET, PUT, POST, HEAD, DELETE, OPTIONS//
//Access-Control-Allow-Headers: //
//Access-Control-Allow-Credentials: true/


/➜  curl -i -X OPTIONS -H 'Origin: https://example.com' -H 
'Access-Control-Request-Method: POST' -H 
'Access-Control-Request-Headers: X-Requested-With' 
https://example.com:6984/templates//

//HTTP/1.1 204 No Content//
//Server: CouchDB/1.6.1 (Erlang OTP/R16B03)//
//Date: Tue, 15 Sep 2015 14:21:34 GMT//
//Content-Length: 0//
//Access-Control-Max-Age: 12345//
//Access-Control-Allow-Origin: https://example.com//
//Access-Control-Allow-Methods: GET, PUT, POST, HEAD, DELETE, OPTIONS//
//Access-Control-Allow-Headers: X-Requested-With//
//Access-Control-Allow-Credentials: true/


However, in the browser, I get strange results. In Chrome, requests to 
couchdb fail with the following error:


/net::ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED/


No response data is logged, and the request does not even make it to 
couchdb as far as I can tell from the logs.


In Firefox, I get the following error:


/Cross-Origin Request Blocked: The Same Origin Policy disallows reading 
the remote resource at 
https://example.com:6984/templates/_design/templates/_view/all. (Reason: 
CORS request failed)./



I'm not sure why this is happening, as the CURL request works and the 
configuration seems to be correct. Has anyone got any suggestions for 
debugging this?


Thanks

Conor

























					Reply via email to