Frage
I follow the guide getting started from getting started
For enable CORS the guide proposes this command:
https://stackoverflow.com/questions/19815030
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian $ curl -X PUT $HOST/_config/httpd/enable_cors -d '"true"'
$ curl -X PUT $HOST/_config/cors/origins -d '"*"'
$ curl -X PUT $HOST/_config/cors/credentials -d '"true"'
$ curl -X PUT $HOST/_config/cors/methods -d '"GET, PUT, POST, HEAD, DELETE"'
$ curl -X PUT $HOST/_config/cors/headers -d \
'"accept, authorization, content-type, origin"
But I read in the file default.ini, that I can’t set origins: * and credentials = true at the same time. In effect if I follow the above command the synchronization work well.
Why therefore default.ini say that isn't possible set origins: * and credentials = true?
Lösung
Because the CORS spec says so:
http://www.w3.org/TR/cors/#resource-requests 6.1.3
Have you tried replicating using CORS from two different hosts using credentials with the * setting? If that works that is a bug in CouchDB and we should fix it. Note that CouchDB will allow you to configure things as you describe, but you shouldn’t be able to replicate with credentials across hosts then.
