Arman Hayots Arman Hayots - 6 months ago 42
AngularJS Question

CouchDB sign-in with AngularJS: auth cookie sent for /_session only

Previous posts — 1 , 2

What I have now: AngularJS app with two controllers. First works with CouchDB documents and the second perform sign-in requests to

example.com/demo/_session
.

When I open application, I can't do editing with couchdb (in first controller), because some actions I've limited to logged users only. In second controller I'm sending simple POST over
$http
, which return
Http-only
(so no cookie magic there) auth cookie
AuthSession
. That cookie bound to couchdb address and in theory any request from page to couchdb address must contain that cookie also.

But this no happens. No one call to couchdb, except calls to
/_session
comes with
AuthSession
cookie. E.g.
example.com/demo/_session
getting with
AuthSession
and
example.com/demo/records
not.

request

got http cookie

no cookies for bad kids?

In learning Angular and CouchDB I came to deadlock.

What I'm doing wrong? I do not want to hide couchdb behind something with custom auth — too complex and not a good way, I think.

UPD: Getting
Set-Cookie
header also fails — it not available in
HttpPromise.success(function (data, status, headers, config))
headers
. I'm tried to get it like
headers("Set-Cookie")
— no luck.

Maybe something wrong in couchdb configuration? I've uploaded it to pastebin.

Answer
  1. Check CORS to be enabled (* in my cause)
  2. Check cors/credentials in config, it must be true
  3. Use {withCredentials:true} in Angular $http

Now it works.