CORS Authentication Errors for OPTIONS on iOS.

[thedracle]

When doing a sync against CouchDB, we receive several "Failed to load resource: Request header field Authorization is not allowed by Access-Control-Allow-Headers." errors in the console.

It is entirely intermittent, and some OPTIONS requests succeed with no problem.

This doesn't occur on Android syncing against the very same server.

Our CORS configuration appears to be correct for our CouchDB server.

[dryajov]

What version of CouchDB? I'm on 1.6.0 and seeing a similar issue, I believe it's related to https://issues.apache.org/jira/browse/COUCHDB-2027. Would love to know if there's a workaround.

EDIT:
This turned out to be a config issue, setting origins to * fixed it - I had originally listed my domains in there.

[NickColley]

Definitely looks like a CORs error, double check http://pouchdb.com/errors.html#no_access_control_allow_origin_header

For convenience you can try https://github.com/pouchdb/add-cors-to-couchdb

Hopefully this helps, let me know 👍

[thedracle]

We tried downgrading to Pouch 3.6.0 and do not receive these errors.

We've allowed CORS support with add-cors-to-couchdb from the beginning.

Android is syncing from the exact same database, with the exact same CORS configuration, for the exact same collection, and not receiving these errors.

They seem to be occurring intermittently, and only on some subset of the OPTIONS requests.

OPTIONS that result in a 204 actually seem to be the ones that resolve, where as ones that return a 200 with a JSON content body are the ones that are producing this CORS issue.

It only seems to happen on collections that have multiple revisions of documents.

[nolanlawson]

So this only occurs on iOS? Does it occur in Safari, UIWebView, or WKWebView?

[thedracle]

Our main testing environment is iOS, Pouch 5.1, and UIWebView. We tried WKWebView with similar intermittent errors occurring on OPTIONS.

It also occurs on 5.0, but not on 3.6.0.

[nolanlawson]

Can you provide a live reproducible test case? I realize it's difficult to test because you need a live running CouchDB, but if we can't reproduce then we can't really fix it.

BTW if this only occurs on iOS (and not Android), I wonder if it's actually a Safari bug. If you're able to reproduce consistently, we might be able to file a bug on WebKit and have them look into it.

[ronycohen]

I encounter this issue with Cloudant as well.
On PouchDB 5.0.0 with SAFARI : on the loading of 500 docs I didn't encounter any issues.

On PouchDB 5.0.0 with a IOS 9 device : I get the "Failed to load resource: Request header field Authorization is not allowed by Access-Control-Allow-Headers." errors in the console.

Especially when I do a loop of :

remoteDB.get(doc._id, {attachments: true})); //with doc containing an attachement.

ps : @thedracle what config do you recommend for IOS envt ?

[nolanlawson]

Seems related to #4633. Basically checking for _bulk_get is giving us lots of problems.

[ronycohen]

this post is the #4633

You meant #4756 ?

[nolanlawson]

sorry I meant #4773

[ronycohen]

I think it's OK with the new version. let me confirm that to you

[daleharvey]

Not been seeing this recently