CouchDB cross-domain access from XMLHttpRequest?
Currently, web application need to offer some kind of cross-domain HTTP header to access data on other domain: http://openfontlibrary.org/wiki/Web_Font_linking_and_Cross-Origin_Resource_Sharing
Is there any wa开发者_运维百科y to configure CouchDB to support unlimited cross-domain access? (it may use apache httpd internally) I'm using the db in-house purpose only.
The easiest way I found to solve it is by using locally installed Apache Web Server with enabled mod_proxy module and configured ProxyPass directive.
Let start with basic setup
- I have Apache Web Server installed on http://127.0.0.1:8181, not configured yet
- I have CouchDB installed on http://127.0.0.1:5984/
- I have index.html deployd on Apache on: http://localhost:8181/couchdb.html.
index.html has the following content
<html>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script>
<script type="text/javascript">
var http = XMLHttpRequest();
http.open('GET', 'http://127.0.0.1:5984/_all_dbs', true); // ! WE WILL CHANGE THIS LINE
http.onreadystatechange = function() {
if (http.readyState == 4 && http.status == 200) {
console.debug('it works');
}
};
http.send(null)
</script>
<head><title>Test Access to CouchDB</title></head>
<body>
</body>
</html>
If you try it just now it will not work because of the cross domain problem (in this instance ports don't match 8181 != 5984).
How to fix it
- configure Apache (apache_home/conf/httpd.conf)
- uncomment
LoadModule proxy_module modules/mod_proxy.so
- uncomment
LoadModule proxy_http_module modules/mod_proxy_http.so
- add
ProxyPass /couchdb http://127.0.0.1:5984
(as top level property like ServerAdmin) - restart Apache
- uncomment
- modify index.html
- replace
http.open('GET', 'http://127.0.0.1:5984/_all_dbs', true);
withhttp.open('GET', '/couchdb/_all_dbs', true);
- replace
Try now and you should see 'it works' output in the javascript console (I used Firebug Console)
You could use a CouchDB show function to set the Access-Control-Allow-Origin header.
function(doc, req) {
return {
body : 'whatever',
headers : {
"Access-Control-Allow-Origin": "\"*\""
}
}
}
More info on show functions here: http://guide.couchdb.org/draft/show.html
CouchDB 1.3 solves this with CORS: https://wiki.apache.org/couchdb/CORS
Eonil, I want Cross-Domain access too, but is not supported by CouchDB, you can vote for that feature to be implemented here: https://issues.apache.org/jira/browse/COUCHDB-431
ps: that feature request has been created on 23/Jul/09 :( I hope they hear us.
you should enable CORS in CouchDB > 1.3. This is as simple as editing your default.ini
and setting enable_cors = true
and then modifying origins
under the [cors]
section to have the top level urls you need. For example I had to do the following to whitelist my local grunt server.
enable_cors = true
[cors]
origins = http://127.0.0.1:9000
to fully answer this question though you'd want to set
origins = *
though this could be argued to be a vulnerability, and you should probably restrict the origins more.
The way I have solved this is to write a 2 line Rebol wrapper CGI and then ask my Ajax in Jquery to call my CGI instead of the URL for getting data from Couchdb:
Rebol [
{wrapper to overcome cross-domain fetching of data from couchdb}
]
print "Content-type: application/json^/" ;text/plain^/"
print read http://127.0.0.1:5984/syncspace/_design/vals/_view/xxxx?group=true
I made a list that returns JSONp...but still read only support
"jsonp": "function(head, req) {
var row;
var rows=[];
while(row = getRow()){
rows.push(row);
}
rj = JSON.stringify({\"rows\" : rows,\"total_rows\":rows.length});
return req.query.callback+\"(\"+rj+\");\";
}",
精彩评论