-
Notifications
You must be signed in to change notification settings - Fork 169
add support for CORS headers #108
Comments
@iriscouch @jhs Is it possible to enable cors headers on couchdb? Config somewhere? |
I think I might have just enabled them. That was super easy. Can you test and see if it works? |
Wow thanks so much for such a quick response!! |
I just tried http://registry.npmjs.org/bops/latest but can't see the cors headers? |
I should also mention I am testing using curl -Ii and with http://client.cors-api.appspot.com/client#?client_method=GET&client_credentials=false&server_url=http%3A%2F%2Fregistry.npmjs.org%2Fbops%2Flatest&server_enable=true&server_status=200&server_credentials=false&server_tabs=remote |
Yeah, I think I didn't do something. I'll dig into it later. People have On Thursday, May 30, 2013, Maksim Lin wrote:
|
@isaacs really appreciate you looking at this so quickly! Anytime you get a chance to look into it is fine. |
+1 |
@isaacs would you have time to look into this again? with @dominictarr npmd now available it would be useful to try using it even in-browser. |
@jhs Maybe you could look at this? Did I do something wrong? I've enabled cors for |
Oh, hahaha, nevermind. The issue was that I'd set Can you try it now? |
CORS headers aren't there still. Try
|
I wonder if the change the @isaacs made got backed out some how because I do remember trying it after it got closed and it was working then for me but yes now the headers are gone again. |
+1 |
Any chance this has been resolved? I have been playing with it a little (via angularjs) but can't seem to get around the CORs issue. Thank you |
Please add CORS headers, that would just make everything easier for me. |
👍 |
1 similar comment
👍 |
👍 would be great if CORS could be (re-?)enabled to open up many new possibilities for web-based interaction with the NPM registry without proxy hacks. For reference, this is only a CouchDB configuration change (no code change), in case anyone wants to enable CORS on their own npm-registry-couchapp instance, something like this works: curl -X PUT http://admin:password@localhost:5984/_config/httpd/enable_cors -d '"true"'
curl -X PUT http://admin:password@localhost:5984/_config/cors/origins -d '"*"'
curl -X PUT http://admin:password@localhost:5984/_config/cors/methods -d '"GET, HEAD"' then test that it is enabled with: curl -i -H 'Origin: example.com' registry.npmjs.org | grep Access-Control
curl -i -H 'Origin: example.com' localhost:5984 | grep Access-Control
…
Access-Control-Expose-Headers: Cache-Control, Content-Type, Server
Access-Control-Allow-Origin: example.com |
👍 |
thanks @deathcap! |
Here is a CORS proxy service max runs if anyone needs a temporary workaround http://cors.maxogden.com |
+1 Trying to make a request: |
+1 |
1 similar comment
👍 |
👍 |
Want this! 👍 |
👍 |
👍 |
@isaacs any chance this can be enabled again or is there a security issue preventing this ? |
We had CORS enabled for a period of time, but it unfortunately raised some security concerns: allowing folks to perform arbitrary puts from the browser, opening us up to potential DDoS attacks, etc. We opted to turn CORS back off due to these concerns. Since this time, we have gradually moved away from adding any updates to npm-registry-couchapp; the codebase has gradually become deprecated as we've moved to a more distributed architecture. I've officially added a deprecation notice to the repo: And I'd love for folks to instead join the conversation here: https://github.com/npm/public-api Let's decide on what a public API for npm should look like. |
For visitors: |
Another workaround would be to use npms https://api.npms.io/v2/package/prisma |
@jasonkuhrt npms offers the same with some differences but mostly the same with extra fields. Though npms had issues in the past with stale data. |
The discussion continues here since this issue is closed and not monitored I guess. |
This works for us for now https://npmjs.cf/ |
I'm working on a npm client to use in-browser and would like to be able to access registry.npmjs.org from a browser webpage without using a proxy.
The text was updated successfully, but these errors were encountered: