Cookie Based Authentication and CORS in v6.0.0 #240
Description
More of an FYI than an issue that needs addressing. There is an issue of replicating to remote CouchDB using cookie based authentication.
PouchDB v7.0.0 inadvertently removed sending cookies by default on requests to CouchDB, which has already been patched. However, this patch has not made it into an npm release yet, so it is still affecting the pouchdb dependency of ember-pouch.
After digging a little, it seems that the only solution at this point is to use basic http authentication as indicated by @zeevl since pouchdb functions such as sync() and replicate() are affected.
Initiating replication is an obvious place where this is noticeable. A basic example to overcome the issue until pouchdb pushes a new release is below. Note that removing the auth option will produce a CORS error, regardless of any headers that one might choose to send in the options.
startReplication(username, password) {
if (config.emberPouch.remoteDb) {
this.set('remoteDb', new PouchDB(config.emberPouch.remoteDb,
{
// the line below is required due to a fixed bug that has not found
// it's way into a release version of pouchdb that results in cookies
// not being sent by pouchdb requests.
// For more information:
// https://github.com/pouchdb/pouchdb/issues/7390
// Use Basic Authentication scheme for CouchDB instead of the Cookie based authentication.
auth: { username, password}
}
));
this.get('db').sync(this.get('remoteDb'), { live: true, retry: true });
} else {
debug("No remote database is configured. Skipping replication init.")
}
}