Created
September 17, 2011 00:52
-
-
Save jhs/1223467 to your computer and use it in GitHub Desktop.
CORS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
commit 08b26333c44f9a86a8d9b87f4a1e6d51e9ac624c | |
Author: Jason Smith <jhs@iriscouch.com> | |
Date: Wed May 18 08:08:36 2011 +0700 | |
A configuration option httpd.cors_admin to allow _admin over CORS | |
diff --git a/src/couchdb/couch_httpd.erl b/src/couchdb/couch_httpd.erl | |
index db6809b..3193855 100644 | |
--- a/src/couchdb/couch_httpd.erl | |
+++ b/src/couchdb/couch_httpd.erl | |
@@ -528,7 +528,14 @@ verify_is_server_admin(#httpd{user_ctx=UserCtx}=Req) -> | |
% Normal verification for non-CORS request. | |
verify_is_server_admin(UserCtx); | |
_ -> | |
- throw({unauthorized, <<"Cross-origin admin is not allowed.">>}) | |
+ case couch_config:get("httpd", "cors_admin", "false") of | |
+ "true" -> | |
+ % Allow admin over CORS. | |
+ verify_is_server_admin(UserCtx); | |
+ _False -> | |
+ throw({unauthorized, | |
+ <<"Cross-origin admin is not allowed.">>}) | |
+ end | |
end; | |
verify_is_server_admin(#user_ctx{roles=Roles}) -> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment