Closed calvinmetcalf closed 10 years ago
Also, I am -1 on this, because apparently it will still work if credentials
is true on the server but false on the client, but not the reverse. IMO add-cors-to-couchdb
should open the floodgates; fiddling with stuff that may or may not break PouchDB should be left to advanced users.
@nolanlawson
it will still work if credentials is true on the server but false on the client, but not the reverse
It works just because server implicitly turns credentials to false when origin is * - that's why you don't notice the issue. Relaying on implicit behaviours is bad practice since one day you can find everything broken. Better fix PouchDB and config.
so closing this as setting credentials=false will make lots of previous version of pouchdb stop working, that being said we need to fix pouchdb so it only sets credentials=true when it actually has credentials.
we can reopen this as an option that defaults to false maybe a -s --strict
When I try to use my local CouchDB via PouchDB with
credentials
not set totrue
, I see this error in Chrome:This is apparently because we hard-code the xhr to
xhr.withCredentials = true;
. We need to resolve https://github.com/pouchdb/pouchdb/issues/2513 first.