Debian – Access-Control-Allow-Origin “*” not allowed when credentials flag is true

apache-2.2 cors couchdb debian

I have an ajax request which connects to http://example.com:6001.

However, it will work only when I open http://example.com:6001 in the browser, which loads index.html (which is run through Node.js on port 6001). This works fine and ajax returns:

XHR finished loading: http://example.com:6001/_api/

However, when I open index.html from my Apache server on :80, the ajax call will return:

XMLHttpRequest cannot load http://example.com/_api/?xxx. A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://example.com' is therefore not allowed access.

I’m not sure whether this error is returned by CouchDB or by Apache.

I’ve tried some variations of the following in /etc/apache2/sites-available/000-default.conf of Apache:

<VirtualHost *:6001>
        Header set Access-Control-Allow-Origin *
        Header set Access-Control-Allow-Credentials "false"
</VirtualHost>

And in /etc/couchdb/local.ini of CouchDB (from the Cross-Origin Resource Sharing documentation):

[httpd]
enable_cors = true

[cors]
origins = *
credentials = false

The last one makes the most sense because it seems to point out the credentials flag.

It shouldn’t be the script either, because it works within the same “port-domain” (i.e., :6001).

Best Answer

This error is returned by your browser.

It basically means you just can't do that.

CORS-related headers should not be set in Apache (in your case).

Generate them in your NodeJS application with a specified domain:port, not a wildcard.

Here's a similar case you may want to have a look at.

I don't know NodeJS. In php you can use

header("Access-Control-Allow-Origin: ".$_SERVER['HTTP_ORIGIN']);

to simulate wildcard.
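The "specified domain:port, not wildcard" approach from the answer above, as an added Node.js example that is not part of the original answer. It echoes the Origin header only when it exactly matches an allow-list, rather than reflecting whatever the client sends; `ALLOWED_ORIGINS`, `corsHeaders` and `handleRequest` are hypothetical names, and the allowed methods and headers are assumptions.

```javascript
// Added example: per-origin CORS for a credentialed API, instead of "*".
// ALLOWED_ORIGINS is an assumed allow-list of the pages that call the API.
const ALLOWED_ORIGINS = new Set([
  'http://example.com',       // index.html served by Apache on :80
  'http://example.com:6001',  // index.html served by Node.js itself
]);

// Returns the CORS response headers for one request's Origin value.
// Unknown or missing origins get no Access-Control-* headers at all,
// so the browser refuses the cross-origin read.
function corsHeaders(origin, allowed = ALLOWED_ORIGINS) {
  // Vary: Origin stops caches serving one origin's response to another.
  const headers = { 'Vary': 'Origin' };
  if (typeof origin !== 'string' || !allowed.has(origin)) {
    return headers;
  }
  headers['Access-Control-Allow-Origin'] = origin; // exact match, never "*"
  headers['Access-Control-Allow-Credentials'] = 'true';
  return headers;
}

// Request handler for Node's built-in http module, wired up with:
//   http.createServer(handleRequest).listen(6001)
function handleRequest(req, res) {
  const headers = corsHeaders(req.headers.origin);
  for (const [name, value] of Object.entries(headers)) {
    res.setHeader(name, value);
  }
  if (req.method === 'OPTIONS') {
    // Preflight: answer positively only for allow-listed origins.
    if (headers['Access-Control-Allow-Origin']) {
      res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
      res.setHeader('Access-Control-Allow-Headers', 'Content-Type');
      res.statusCode = 204;
    } else {
      res.statusCode = 403;
    }
    return res.end();
  }
  res.statusCode = 200;
  res.setHeader('Content-Type', 'application/json');
  res.end(JSON.stringify({ ok: true }));
}
```

The comparison is an exact string match on scheme, host and port, so look-alike hosts and the literal `null` origin are treated as unknown.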