We are trying to send HTTP cross domain requests to CouchDB.
To achieve this, we set up CouchDB with the following settings (inspired from the add-cors-to-couchdb tool ):
[HTTPD]
enable_cors = true
[CORS]
origins = *
credentials = true
methods = GET, PUT, POST, HEAD, DELETE
headers = accept, authorization, content-type, origin, referer, x-csrf-token
And wrote code similar to this (but not hardcoded of course):
<html>
<body>
<script>
fetch("http://acme.org:5984/mydb/323958d9b42be0aaf811a3c96b4e5d9c", {
method: 'DELETE',
headers: {'If-Match': "1-0c2099c9793c2f4bf3c9fd6751e34f95"}
}).then(x => {
if (x.ok) return x.json().then(console.log);
console.error(x.statusText);
});
</script>
</body>
</html>
While it works fine with GET
and POST
, we get 405 Method not allowed
on DELETE
. The browser tells that the preflight response (to the OPTIONS
request) was not successful, while the server indicates {"error":"method_not_allowed","reason":"Only DELETE,GET,HEAD,POST,PUT,COPY allowed"}
.
We tried both with CouchDB 2.1.1 and 1.6.1. We also tried to replace origins: *
with origins: http://localhost:8080
(where 8080 is the port serving the HTML above). We tried also to set credentials
to false
.
From a comment by @Ingo Radatz to a related question, I finally got that EVERY header used in the request must be included in CouchDB CORS settings.
In my personal case, I had to include if-match
in the accepted headers:
[HTTPD]
enable_cors = true
[CORS]
origins = *
methods = GET, PUT, POST, HEAD, DELETE
headers = accept, authorization, content-type, origin, referer, if-match
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.