Currently, web application need to offer some kind of cross-domain HTTP header to access data on other domain: http://openfontlibrary.org/wiki/Web_Font_linking_and_Cross-Origin_Resource_Sharing
Is there any way to configure CouchDB to support unlimited cross-domain access? (it may use apache httpd internally) I'm using the db in-house purpose only.
The easiest way I found to solve it is by using locally installed Apache Web Server with enabled mod_proxy module and configured ProxyPass directive.
Let start with basic setup
index.html has the following content
<html>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script>
<script type="text/javascript">
var http = XMLHttpRequest();
http.open('GET', 'http://127.0.0.1:5984/_all_dbs', true); // ! WE WILL CHANGE THIS LINE
http.onreadystatechange = function() {
if (http.readyState == 4 && http.status == 200) {
console.debug('it works');
}
};
http.send(null)
</script>
<head><title>Test Access to CouchDB</title></head>
<body>
</body>
</html>
If you try it just now it will not work because of the cross domain problem (in this instance ports don't match 8181 != 5984).
How to fix it
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
ProxyPass /couchdb http://127.0.0.1:5984
(as top level property like ServerAdmin) http.open('GET', 'http://127.0.0.1:5984/_all_dbs', true);
with http.open('GET', '/couchdb/_all_dbs', true);
Try now and you should see 'it works' output in the javascript console (I used Firebug Console)
You could use a CouchDB show function to set the Access-Control-Allow-Origin header.
function(doc, req) {
return {
body : 'whatever',
headers : {
"Access-Control-Allow-Origin": "\"*\""
}
}
}
More info on show functions here: http://guide.couchdb.org/draft/show.html
CouchDB 1.3 solves this with CORS: https://wiki.apache.org/couchdb/CORS
Eonil, I want Cross-Domain access too, but is not supported by CouchDB, you can vote for that feature to be implemented here: https://issues.apache.org/jira/browse/COUCHDB-431
ps: that feature request has been created on 23/Jul/09 :( I hope they hear us.
you should enable CORS in CouchDB > 1.3. This is as simple as editing your default.ini
and setting enable_cors = true
and then modifying origins
under the [cors]
section to have the top level urls you need. For example I had to do the following to whitelist my local grunt server.
enable_cors = true
[cors]
origins = http://127.0.0.1:9000
to fully answer this question though you'd want to set
origins = *
though this could be argued to be a vulnerability, and you should probably restrict the origins more.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With