CORS - Cross Origin Resource Sharing using CouchDB
Recently I tried to build a simple application which creates simple math questions, and records the time taken by the student to finish one page of questions. The short story is that I finally succeeded in implementing the question generation by using Javascript without any server side programming. But what about recording the time taken? We need some database in some server for that.
I want to use a database, but I don't want to code server-side. So I guess CouchDB is a good choice, given that it supports REST-based API and all. It turned out that calling HTTP REST service from the browser is much more complicated than calling the same service from the server.
To make a long story short, here is what I found :
I want to use a database, but I don't want to code server-side. So I guess CouchDB is a good choice, given that it supports REST-based API and all. It turned out that calling HTTP REST service from the browser is much more complicated than calling the same service from the server.
To make a long story short, here is what I found :
- Javascript running in a page in a web browser are not allowed to call urls outside the domain of the page.
- Except, when the server serving the URL specifically allowed this by giving Cross Origin Resource Sharing header.
- Credentials passing is doubly difficult, because there is a separate Allow Credentials header required, and the involvement of preflight requests, which is a http request with OPTIONS method that were issued before the actual request. The facts are :
- Credentials will not be passed when the browser is doing a preflight request
- Simple requests, with custom Authentication header (containing the said credentials), will be performed using preflight request first because the existence of such header
- Some CouchDB servers will reject the OPTIONS header when were requested in some URL, with not authorized HTTP status.
- Debugging CORS in Firebug/Firefox is a nightmare. Use Chrome for better sanity.
- Cloudant CouchDB server will not give CORS header for _uuid URL. This might be true for other servers. CORS configuration must be done using curl (see this gist)
- Couchappy CouchDB server keeps requesting authentication even for OPTIONS request. Couchappy have CORS section in the configuration.
- My Iriscouch CouchDB server have intermittent availability problems. Unreliable for development use. Something wrong might happened during my registration/service provisioning. Iriscouch keeps showing no CORS header even after I enabled it in the Futon configuration.
- Using cloudant server, configure CORS using curl with allow_credentials false and allow-origin *.
curl -k -i -u username -X PUT https://username.cloudant.com/_api/v2/user/config/cors -H "Content-Type: application/json" -d '{"enable_cors":true,"allow_credentials":false,"allow_methods":["GET","PUT","POST","DELETE","OPTIONS"],"origins":{"*":{}}}'
- Configure the database using Cloudant's Dashboard UI so Everyone has write and read access
- Call the CouchDB API using jquery :
docdata = '{"level" : "' + currentExercise.level + '", "sheet" : ' + currentExercise.sheet
+ ', "msecs" : '+s.diff + ', "acc" : ' + s.score + ', "d" : "'+datetime +'"}';
$.ajax({
url: baseUrl + "/sheet_submission",
data: docdata,
type: 'POST',
dataType: 'json',
contentType: 'application/json', error: function() {
alert('document save failed :' + docdata);
},
success: function (d1,st1,jq1) {
alert('doc save ok : ' + docdata);
recordCallback();
}
});
Comments