Created
March 26, 2011 18:56
-
-
Save max-mapper/888539 to your computer and use it in GitHub Desktop.
couchdb cors _show function, put in the shows folder
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function(head, req){ | |
return { | |
"headers": { | |
"Access-Control-Allow-Origin": "*" | |
} | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[ | |
{ | |
"from": "", | |
"to": "_show/cors", | |
"method": "OPTIONS" | |
} | |
] |
My new idea is you put /db/_security
{ "readers": ["blah"]
, "admins": ["blah"]
, "cors": { "origins": [ "http://some.foreign.origin.com", "http://somecouch.iriscouch.com:5984" ]
}
}
And couch will support an OPTIONS query for any resource in that database, returning the headers it needs based on the client Origin
your validate_doc_update() can also decide about cross-origin updates, based on req.headers.Origin
vs. sec.cors.origins
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is not going to work. The CORS policy needs to be specified in a database-wide way because that is how access-control works. The validate_doc_update() will want to see the req.headers.Origin value so it can decide about cross-origin permission. In other words, whether a request was cross-origin can be a factor in the validator policy.
Furthermore, OPTIONS must be supported for any resource that couch serves, so it needs support from couch http to cover all possible requests. Maybe you could bluff with _show and _update but that spins up a couchjs for every http query.
I am working on a couchdb plugin to handle this natively based on the db/_security object. Let me know if you want to try it out.