1

This is kind of strange. I make a rest post call to couchdb 2.0 to update the user database and I get back a 401 status message "error=bad_request" and "reason=Referer header must match host."

However if I change the "post" to "put", then it is happy and returns status of 201 as expected. I could continue use puts, but that isn't the standard.

Suggestions?

POST http://localhost:5984/_users/org.couchdb.user:test1 HTTP/1.1
Host: localhost:5984
Connection: keep-alive
Content-Length: 364
Pragma: no-cache
Cache-Control: no-cache
Origin: http://localhost:9000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
content-type: application/json
Accept: */*
DNT: 1
Referer: http://localhost:9000/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.8
Cookie: io=YBMMIY0pejGjeHV9AACO; AuthSession=foo

{
  "_id":"org.couchdb.user:test1",
  "_rev":"1-8e2136e07f62238327f87d1ae54a29df",
  "type":"user","roles": "user"],
  "name":"test1",
  "email":"test1@foo.bar",
  "fullName":"Test1 esq",
  "phone":"555-555-5555",
  "id":"org.couchdb.user:test1",
  "password_scheme":"pbkdf2",
  "iterations":10,
  "derived_key":"0e076f6f85f1389fd90ff181d433e1438e8e30a4",
  "salt":"37f590de042f07956f6cc11b8a9eb012"
}

Response

HTTP/1.1 400 Bad Request
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://localhost:9000
Access-Control-Expose-Headers: content-type, cache-control, accept-ranges, etag, server, x-couch-request-id, x-couch-update-newrev, x-couchdb-body-time
Cache-Control: must-revalidate
Connection: close
Content-Length: 67
Content-Type: application/json
Date: Thu, 29 Dec 2016 23:15:25 GMT
Server: CouchDB/2.0.0 (Erlang OTP/17)
X-Couch-Request-ID: b45ec52b5c
X-CouchDB-Body-Time: 0

{"error":"bad_request","reason":"Referer header must match host."}

**This works**

PUT http://localhost:5984/_users/org.couchdb.user:test1 HTTP/1.1
Host: localhost:5984
Connection: keep-alive
Content-Length: 364
Pragma: no-cache
Cache-Control: no-cache
Origin: http://localhost:9000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
content-type: application/json
Accept: */*
DNT: 1
Referer: http://localhost:9000/
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8
Cookie: io=62j8pWngSUNyLwKjAACX; AuthSession=xyyz

{
  "_id":"org.couchdb.user:test1",
  "_rev":"1-8e2136e07f62238327f87d1ae54a29df",
  "type":"user",
  "roles":["user"],
  "name":"test1",
  "email":"test1@foo.bar",
  "fullName":"Test1 esq",
  "phone":"555-555-5555",
  "id":"org.couchdb.user:test1",
  "password_scheme":"pbkdf2",
  "iterations":10,
  "derived_key":"0e076f6f85f1389fd90ff181d433e1438e8e30a4",
  "salt":"37f590de042f07956f6cc11b8a9eb012"
}
Darryl Wagoner WA1GON
  • 967
  • 1
  • 10
  • 31
  • Can you just drop the Referer header? Do you need it? – LStarky Dec 30 '16 at 13:48
  • I haven't tried that and I am not sure I know how as I am not explicitly adding it in. I could try setting it to undefined, but the object doesn't have it defined. I will try to remove it from the header with fiddler before it is sent. – Darryl Wagoner WA1GON Dec 30 '16 at 17:45

1 Answers1

1

So, you have troubles with mismatching referrer and expected host because of different port numbers. According to this https://github.com/couchbase/couchdb/blob/2.5.1.1/src/couchdb/couch_httpd.erl#L344 you can place X-Forwarded-Host header with your value - localhost:9000

nikit
  • 153
  • 8