问题
I am trying to move from Cloudant to Jelastic on flow.ch. I am getting CORS errors with pouchdb when testing locally (ionic serve).
Is there any other configuration in Jelastic besides CouchDB I am missing?
XMLHttpRequest cannot load http://xxx.flow.ch/xxx. Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'http://localhost:8100' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
I configured a CouchDB on Jelastic and activated CORS.
Normal access via CURL works. Replication from Cloudant to Jelastic worked as well.
I tried to use a Chrome extension to enable "Allow-Control-Allow-Origin: *"
回答1:
The couchdb docs unfortunately say this:
You can’t set
origins = *andcredentials = trueoption at the same time
So that would seem to imply that if you want cross-origin requests with credentials to work with couchdb, you must set the origins value to an explicit list of allowed origins; for example:
[cors]
origins = http://localhost, https://localhost, http://couch.mydev.name:8080
Incidentally, it seems like this should be raised as an couchdb. There’s no good reason why couchdb shouldn’t support allowing requests from all origins when credentials = true is set.
Many/most other Web server systems support allowing requests from all origins when credentials are included. The way they all handle it is to just take the value of the Origin request header, and essentially just echo it back to the value of the Access-Control-Allow-Origin response header.
It is trivial to implement server code that does that.
But short of actually correcting that deficiency, the couchdb maintainers should at least fix their config-handling code to fail hard when you try to set both origins = * + credentials = true.
Because the thing is, that statement “You can’t set origins = * and credentials = true option at the same” in the docs isn’t true. Clearly you can set both at the same time (as your config screen capture proves)—it’s just that the system doesn’t emit any kind of obvious warning/error to tell you any client requests that send credentials are going to fail if you have couchdb set that way.
来源:https://stackoverflow.com/questions/42742159/cors-issue-with-couchdb-credentials-origin-wildcard