CORS Configuration for Couchdb

Question

I have read a bunch of blogs and stack overflow posts and everything I see says to add the CORS configuration to the local.ini file as follows:

[httpd]
enable_cors = true

[cors]
credentials = true
origins = *

Our JS to query Couchdb looks like:

$.ajax({
            url: "http://xxxx:8093/query/service?statement=select member from edc",
            type: 'GET',
            dataType: 'json',
            crossDomain: true,
            success: function(data) {
              console.log("data: " + JSON.stringify(data));
            },
            error: function(xhr, status, err) {
              console.log("error: " + err + " xhr: " + JSON.stringify(xhr));
            },
            complete: function(data) {
                alert('complete: ' + JSON.stringify(data))
              }
          })

After stopping and restarting the windows service I am still receiving the error:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://phx01-vm117.matrixhealth.net:8093/query/service?statement=select%20member%20from%20edc. (Reason: CORS header 'Access-Control-Allow-Origin' missing).

Any help about the configuration or about the GET request would be great, thank you! Using addons or running the browser in un-secure mode is not an option

Answer 1

I know a lot of time has passed between when this question was asked and my answer, but I thought I'd share just in case anyone's Google search sends them here.

This issue is caused by only including half of the required CORS options. See the answer to a very similar question here: how to edit local.ini to enable CROS with couchdb

Instead of including:

[cors]
credentials = true
origins = *

you need to include:

[cors]
credentials = true
origins = *
methods = GET, PUT, POST, HEAD, DELETE
headers = accept, authorization, content-type, origin, referer

You'd think the former enables CORS.. and it does, but then you need to explicitly give it permissions.