CouchDB cross-domain access from XMLHttpRequest?

Question

Currently, web application need to offer some kind of cross-domain HTTP header to access data on other domain: http://openfontlibrary.org/wiki/Web_Font_linking_and_Cross-Origin_Resource_Sharing

Is there any way to configure CouchDB to support unlimited cross-domain access? (it may use apache httpd internally) I'm using the db in-house purpose only.

Answer 1

The easiest way I found to solve it is by using locally installed Apache Web Server with enabled mod_proxy module and configured ProxyPass directive.

Let start with basic setup

• I have Apache Web Server installed on http://127.0.0.1:8181, not configured yet
• I have CouchDB installed on http://127.0.0.1:5984/
• I have index.html deployd on Apache on: http://localhost:8181/couchdb.html.

index.html has the following content

<html>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script>
<script type="text/javascript">

var http = XMLHttpRequest();
http.open('GET', 'http://127.0.0.1:5984/_all_dbs', true); // ! WE WILL CHANGE THIS LINE
http.onreadystatechange = function() {
    if (http.readyState == 4 && http.status == 200) {
        console.debug('it works');
    }
};
http.send(null)
</script>
<head><title>Test Access to CouchDB</title></head>
<body>
</body>
</html>

If you try it just now it will not work because of the cross domain problem (in this instance ports don't match 8181 != 5984).

How to fix it

• configure Apache (apache_home/conf/httpd.conf)
  • uncomment LoadModule proxy_module modules/mod_proxy.so
  • uncomment LoadModule proxy_http_module modules/mod_proxy_http.so
  • add ProxyPass /couchdb http://127.0.0.1:5984 (as top level property like ServerAdmin)
  • restart Apache
• modify index.html
  • replace http.open('GET', 'http://127.0.0.1:5984/_all_dbs', true); with http.open('GET', '/couchdb/_all_dbs', true);

Try now and you should see 'it works' output in the javascript console (I used Firebug Console)

Answer 2

You could use a CouchDB show function to set the Access-Control-Allow-Origin header.

function(doc, req) {
  return {
    body : 'whatever',
    headers : {
      "Access-Control-Allow-Origin": "\"*\""
    }
  }
}

More info on show functions here: http://guide.couchdb.org/draft/show.html

Answer 3

CouchDB 1.3 solves this with CORS: https://wiki.apache.org/couchdb/CORS

Answer 4

Eonil, I want Cross-Domain access too, but is not supported by CouchDB, you can vote for that feature to be implemented here: https://issues.apache.org/jira/browse/COUCHDB-431

ps: that feature request has been created on 23/Jul/09 :( I hope they hear us.

Answer 5

you should enable CORS in CouchDB > 1.3. This is as simple as editing your default.ini and setting enable_cors = true and then modifying origins under the [cors] section to have the top level urls you need. For example I had to do the following to whitelist my local grunt server.

enable_cors = true
[cors]
origins = http://127.0.0.1:9000

to fully answer this question though you'd want to set

origins = *

though this could be argued to be a vulnerability, and you should probably restrict the origins more.