cors - Options method not allowed for _users database in CouchDB -
i'm trying change user's password within application connects couchdb domain. code more or less same example in couchdb docs, i.e. document, change data, send put request changes. issue occurring put request - because of cors browser tries options request before sending put request, options request returning 405 method not allowed.
does have idea of how around this?
here's request headers in case it's helpful:
options /_users/org.couchdb.user:clinic_admin http/1.1 host: localhost:15984 connection: keep-alive pragma: no-cache cache-control: no-cache access-control-request-method: put origin: https://localhost:15000 user-agent: mozilla/5.0 (macintosh; intel mac os x 10_10_5) applewebkit/537.36 (khtml, gecko) chrome/44.0.2403.157 safari/537.36 access-control-request-headers: content-type, if-match accept: */* referer: https://localhost:15000/webapp/ accept-encoding: gzip, deflate, sdch accept-language: en-us,en;q=0.8,ja;q=0.6,sv;q=0.4,zh-cn;q=0.2
there 2 options here. prefer option #2 i'll start #1.
option 1: configure cors correctly
often 405 errors in couchdb due misconfigurations, e.g. not including possible headers , methods, of there lot if want support browsers/devices.
on pouchdb team we've gathered "best practices" single module: add-cors-to-couchdb, should work both couchdb 1.6.1 , couchdb 2.0. run:
npm install --global add-cors-to-couchdb add-cors-to-couchdb http://example.com:5984 -u admin_username -p admin_password
this should fix problem; if not, check out tests pouchdb or pouchdb-authentication use method test against database running @ localhost:5984
(including changing user's password, you're trying do).
option 2: avoid cors using reverse proxy
this best option. it's better few reasons:
- spend couple minutes configuring apache/nginx avoid cors altogether, save headaches later trying cors work correctly
- cors less performant no-cors because browser needs preflight options requests, add latency during replication
- this easier in mobile hybrid apps; cordova has a one-liner option whitelist domains , avoid cors.
i typically use nginx reverse proxy guide couchdb , route database running @ example.com/couchdb
. e.g.:
location /couchdb { rewrite /couchdb/(.*) /$1 break; proxy_pass http://localhost:5984; proxy_redirect off; proxy_buffering off; proxy_set_header host $host; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; }
note may break /_utils
(futon/fauxton), best bet in cases set reverse tunnel server via ssh , @ locally:
ssh -l3000:localhost:5984 user@example.com # open localhost:3000/_utils in browser
you don't want futon/fauxton exposed world anyway.
the advantages here can block off methods or parts of couchdb using nginx/apache, typically more flexible http options available in couchdb.
Comments
Post a Comment