-
Notifications
You must be signed in to change notification settings - Fork 118
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Chrome Update 52: Response for preflight has invalid HTTP status code 405 #111
Comments
Yes, I can also confirm that this is a bug on Chrome 52.0.2743.82 m, running on Windows 10 (64-bit). Firefox (47.0.1) also on the same platform works well, so this appears to be an issue with Chrome. |
I've been looking into this a lot, and the problem is that as of Chrome 52, there is an empty |
As a workaround, you can install server {
listen 6984 ssl;
server_name myserver.com;
ssl_certificate /whereveriputmykeys/myserver.crt;
ssl_certificate_key /whereveriputmykeys/myserver.key;
location / {
proxy_set_header Access-Control-Request-Headers "";
proxy_pass http://127.0.0.1:5984;
}
} Many thanks to |
Thanks, ccapndave. I am wondering if something can be done on our end (pouchdb) or with the CouchDB code? If Chrome is going to always exhibit this behavior, then perhaps something could be done? |
The CouchDB code can certainly be changed to accept an empty header here (although not by me!) I'm not quite sure if anything can be done from the client side. Its possible that using the Fetch API to do the requests might have different/more reliable behaviour? Its also possible that its actually a Chrome bug and will be fixed at some point. |
Sounds good ccapndave . In addition, if this can't be fixed in the long term, then maybe your nice solution could be added to a wiki page somewhere (i.e. for pouchdb-authentication or for PouchDB). Maybe someone from the couchdb project would be interested in patching this. I've tested the bug on Google Chrome Canary and it also occurs on this browser as well. |
Good that another workaround has been found. We worked around the issue through switching from http authentication to token based one. |
Hi all, if there is a bug in CouchDB, could you please file it on the CouchDB repo? They are about to release 2.0, so maybe they will have time to fix it: https://issues.apache.org/jira/browse/COUCHDB/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel |
Alternatively, you could file the bug on Chromium, but I'm not sure what the W3C specs say about how Access-Control-Request-Headers should behave. |
Either CouchdB or Chromium sounds good, Nolan - I'm not certain how the bug could be filed. Maybe someone subscribed to this thread could do this. Thanks for your fine work on the Pouchdb code. |
BTW - this problem goes beyond pouchdb-authentication; I have now experienced it in normal pouchdb usage (when getting bulk_docs). |
Could be related: https://bugs.chromium.org/p/chromium/issues/detail?id=601092 |
It sounds like this is a bug in CouchDB because Chrome is adhering to the letter of the law (i.e. the spec allows for sending an empty header) but CouchDB can't parse it. |
Can someone please provide a very simple test case to reproduce this? I am unable to reproduce using Chrome 52 on a Mac. The very best test here would be a Docker script to run the right version of CouchDB, then an HTML page containing PouchDB and demonstrating the error. Right now I'm not sure what steps I need to do to reproduce this. |
Hey Nolan, unfortunately I have no experience with docker but can provide you with remote login to my couchdb where the error occurs. Server: Ubuntu 14.04.4 LTS I installed couchdb using the third party ppa "ppa:couchdb/stable" Url: couchdb@garedu.com Hope this information helps resolving the issue. |
Reproduced using curl:
|
and a PR at apache/couchdb-chttpd#135. I'd guess this is a low priority for CouchDB so please comment on the Jira ticket if it's causing you problems. |
Maybe we should file an issue on Chrome? It's a better solution for Chrome to omit the header and fix this issue in v53 rather than expect CouchDB to fix it in 1.7/2.0 and then have everybody running CouchDB upgrade their servers. |
I've filed an isuse on Chromium: https://bugs.chromium.org/p/chromium/issues/detail?id=633729 . As of right now, I don't see any way for PouchDB or pouchdb-authentication to fix this issue. It seems that the fix either needs to go in Chrome or in CouchDB. I'd be very happy if anyone can think of a workaround, though. FWIW this issue can be reproduced in pouchdb-authentication's own test suite, which is how I managed to reproduce it. The test suite still passes in Firefox and Edge, but not Chrome 52. |
I'm on the same boat :/ |
I found a workaround for my use case, so even though it's incredibly hacky, I thought I'd share it. The first step is to edit your CouchDB configuration. I added the custom Now, for any calls that are having this issue, you just need to pass in some
Per-DatabaseGetting that pesky 405 a lot? In theory, this should fix the whole database! Unfortunately, PouchDB Authentication ignores these
Per-CallDon't want to include a useless header all the time? Just add it when you need it! Most PouchDB calls take an optional
The Crazy Forking OptionIt took a silly amount of debugging before I realized that PouchDB Authentication ignored the
Note: I've only tested this on Chrome 52.0.2743.116 on Mac 10.10.5. Your mileage may vary. |
@ionrocks Based on your "crazy forking option," it looks like this could be fixed by adding an explicit BTW the fact that PouchDB Authentication ignores the |
The downside of I want to experiment (when I'm back in the office) and see if Chrome is excluding common headers from As for ignoring the |
We've hacked around this using the following nginx reverse proxy config. We tried @ccapndave's header pass but weren't able to get replication working, so decided to take the kitchen sink approach. This seems to be working for now. Eager to see couchdb fix this, given that we have no control over users' browser updates.
|
meanwhile, for Mac users, an alternative is to use Chromium 51 http://www.freesmug.org/chromium |
I recently stumbled accross this thing as well and have been playing around, trying to find a way to get around it. It seems to me that sending the login credentials as JSON already fixes the problem; it'd be nice if someone could confirm or refute this solution. I have no idea why it actually makes a difference, but anyway, here we go:
Edit: tested in Chrome 52.0.2743.116 m, Windows 10, 1607 Thanks by the way for all your work, everybody! |
I'm getting this too -- quite odd, wasn't getting it yesterday. Could it be related to this issue? |
Yes, submitting as JSON will send the header |
@jlami Your |
Fixed by #115 |
My coworker just updated to Chrome 52 automatically.
After a lot of debugging we found out that this update apparently has an issue with pouchdb-authentication.
How to reproduce:
Use the
login
method of a remote db. This will result in the following exceptions:index-browser.js:219 OPTIONS http://couchdb.garedu.com/_session xhRequest @ index-browser.js:219ajax$1 @ index-browser.js:238ajaxCore @ index-browser.js:332ajax @ index-browser.js:389(anonymous function) @ index.js:92(anonymous function) @ utils.js:66(anonymous function) @ utils.js:54(anonymous function) @ utils.js:35loginRemote @ DatabaseManager.js:116(anonymous function) @ DatabaseManager.js:150F @ _export.js:35initUserDbs @ DatabaseManager.js:147LoginView._this.login @ AuthenticationPage.jsx:47ReactErrorUtils.invokeGuardedCallback @ ReactErrorUtils.js:70executeDispatch @ EventPluginUtils.js:89executeDispatchesInOrder @ EventPluginUtils.js:112executeDispatchesAndRelease @ EventPluginHub.js:44executeDispatchesAndReleaseTopLevel @ EventPluginHub.js:55forEachAccumulated @ forEachAccumulated.js:25processEventQueue @ EventPluginHub.js:221runEventQueueInBatch @ ReactEventEmitterMixin.js:18handleTopLevel @ ReactEventEmitterMixin.js:29handleTopLevelImpl @ ReactEventListener.js:73perform @ Transaction.js:138batchedUpdates @ ReactDefaultBatchingStrategy.js:63batchedUpdates @ ReactUpdates.js:98dispatchEvent @ ReactEventListener.js:150 localhost/:1 XMLHttpRequest cannot load http://couchdb.garedu.com/_session. Response for preflight has invalid HTTP status code 405 reducers.js:16 new gareduMiner state: Object {settings: Object, status: Object, session: Object}
Would love to see if someone has the same issue.
As of now I do not know which change in Chrome breaks authentication. What I know is that replication with a database that does not need authentication still works fine.
In FF everything works fine as well. Downgrading Chrome alsow works.
I lack the in depth knowledge of PouchDB to efficiently fix this issue. I would love if someone would look into it.
Best regards
The text was updated successfully, but these errors were encountered: