Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

CouchDB cross-domain access from XMLHttpRequest?

Currently, web application need to offer some kind of cross-domain HTTP header to access data on other domain: http://openfontlibrary.org/wiki/Web_Font_linking_and_Cross-Origin_Resource_Sharing

Is there any way to configure CouchDB to support unlimited cross-domain access? (it may use apache httpd internally) I'm using the db in-house purpose only.

like image 993
eonil Avatar asked Jul 30 '10 13:07

eonil


5 Answers

The easiest way I found to solve it is by using locally installed Apache Web Server with enabled mod_proxy module and configured ProxyPass directive.

Let start with basic setup

  • I have Apache Web Server installed on http://127.0.0.1:8181, not configured yet
  • I have CouchDB installed on http://127.0.0.1:5984/
  • I have index.html deployd on Apache on: http://localhost:8181/couchdb.html.

index.html has the following content

<html>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script>
<script type="text/javascript">

var http = XMLHttpRequest();
http.open('GET', 'http://127.0.0.1:5984/_all_dbs', true); // ! WE WILL CHANGE THIS LINE
http.onreadystatechange = function() {
    if (http.readyState == 4 && http.status == 200) {
        console.debug('it works');
    }
};
http.send(null)
</script>
<head><title>Test Access to CouchDB</title></head>
<body>
</body>
</html>

If you try it just now it will not work because of the cross domain problem (in this instance ports don't match 8181 != 5984).

How to fix it

  • configure Apache (apache_home/conf/httpd.conf)
    • uncomment LoadModule proxy_module modules/mod_proxy.so
    • uncomment LoadModule proxy_http_module modules/mod_proxy_http.so
    • add ProxyPass /couchdb http://127.0.0.1:5984 (as top level property like ServerAdmin)
    • restart Apache
  • modify index.html
    • replace http.open('GET', 'http://127.0.0.1:5984/_all_dbs', true); with http.open('GET', '/couchdb/_all_dbs', true);

Try now and you should see 'it works' output in the javascript console (I used Firebug Console)

like image 176
rozky Avatar answered Nov 02 '22 04:11

rozky


You could use a CouchDB show function to set the Access-Control-Allow-Origin header.


function(doc, req) {
  return {
    body : 'whatever',
    headers : {
      "Access-Control-Allow-Origin": "\"*\""
    }
  }
}

More info on show functions here: http://guide.couchdb.org/draft/show.html

like image 23
Ben Damman Avatar answered Nov 02 '22 03:11

Ben Damman


CouchDB 1.3 solves this with CORS: https://wiki.apache.org/couchdb/CORS

like image 40
Costa Michailidis Avatar answered Nov 02 '22 05:11

Costa Michailidis


Eonil, I want Cross-Domain access too, but is not supported by CouchDB, you can vote for that feature to be implemented here: https://issues.apache.org/jira/browse/COUCHDB-431

ps: that feature request has been created on 23/Jul/09 :( I hope they hear us.

like image 3
Benja Avatar answered Nov 02 '22 05:11

Benja


you should enable CORS in CouchDB > 1.3. This is as simple as editing your default.ini and setting enable_cors = true and then modifying origins under the [cors] section to have the top level urls you need. For example I had to do the following to whitelist my local grunt server.

enable_cors = true
[cors]
origins = http://127.0.0.1:9000

to fully answer this question though you'd want to set

origins = *

though this could be argued to be a vulnerability, and you should probably restrict the origins more.

like image 3
xenoterracide Avatar answered Nov 02 '22 05:11

xenoterracide