[
https://issues.apache.org/jira/browse/COUCHDB-2027?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13929827#comment-13929827
]
j ermouth commented on COUCHDB-2027:
------------------------------------
To reproduce in console:
var xhr = new XMLHttpRequest();
xhr.open("GET", "http://cors.enabled.crossorigin.couchdb:5984/dbname/";);
xhr.setRequestHeader("Authorization","Basic "+btoa("username:password"));
xhr.send();
XHR fails in Moz and Webkit with 405 error. It happens cause browser tries to
make OPTIONS request before making GET. OPTIONS is not allowed by CouchDB
regardless of [cors] /methods in local.ini.
> CORS should not require authentication on preflight OPTIONS request
> -------------------------------------------------------------------
>
> Key: COUCHDB-2027
> URL: https://issues.apache.org/jira/browse/COUCHDB-2027
> Project: CouchDB
> Issue Type: Bug
> Components: HTTP Interface
> Reporter: Stéphane Alnet
>
> The discussion in https://github.com/daleharvey/pouchdb/issues/1003 points to
> an issue whereby CouchDB is requiring authentication for preflight OPTIONS
> message where it shouldn't.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
