Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- commit 08b26333c44f9a86a8d9b87f4a1e6d51e9ac624c
- Author: Jason Smith <jhs@iriscouch.com>
- Date: Wed May 18 08:08:36 2011 +0700
- A configuration option httpd.cors_admin to allow _admin over CORS
- diff --git a/src/couchdb/couch_httpd.erl b/src/couchdb/couch_httpd.erl
- index db6809b..3193855 100644
- --- a/src/couchdb/couch_httpd.erl
- +++ b/src/couchdb/couch_httpd.erl
- @@ -528,7 +528,14 @@ verify_is_server_admin(#httpd{user_ctx=UserCtx}=Req) ->
- % Normal verification for non-CORS request.
- verify_is_server_admin(UserCtx);
- _ ->
- - throw({unauthorized, <<"Cross-origin admin is not allowed.">>})
- + case couch_config:get("httpd", "cors_admin", "false") of
- + "true" ->
- + % Allow admin over CORS.
- + verify_is_server_admin(UserCtx);
- + _False ->
- + throw({unauthorized,
- + <<"Cross-origin admin is not allowed.">>})
- + end
- end;
- verify_is_server_admin(#user_ctx{roles=Roles}) ->
Add Comment
Please, Sign In to add comment