Configure CORS

    Configure Cross-Origin Resource Sharing (CORS) to allow browser-based clients and JavaScript SDKs to replicate directly with Couchbase Edge Server.

    Prerequisites

    • Couchbase Edge Server {version} or later.

    • CORS is disabled by default. You must explicitly enable it in the server configuration.

    About CORS in Couchbase Edge Server

    Modern browsers enforce strict origin validation for cross-site network requests. Without CORS support, browser-based clients, including the Couchbase Lite JavaScript SDK, cannot replicate with Couchbase Edge Server when the client origin differs from the Couchbase Edge Server host.

    Couchbase Edge Server supports a single configurable CORS policy defined at the server level. When CORS is enabled, Couchbase Edge Server handles preflight requests and applies the configured origin, header, and age policies to responses.

    Authentication and authorization are enforced consistently regardless of whether replication occurs via browser or native clients.

    Configure CORS

    Add a cors block to the top-level server configuration.

    {
      "cors": {
        "origin": ["https://example.com", "https://app.example.com"],
        "headers": ["Content-Type", "Authorization"],
        "max_age": 86400
      },
      "databases": {
        "mydb": { }
      }
    }
    Table 1. CORS Configuration Properties
    Property Type Description

    origin

    Array of strings

    The list of allowed origins. Use ["*"] to allow all origins. Couchbase recommends restricting origins to known client hosts in production.

    headers

    Array of strings

    The list of HTTP headers that browser clients are allowed to include in requests.

    max_age

    Integer

    The duration in seconds that browsers can cache preflight response results. This reduces the number of preflight requests sent by the browser.

    Next Steps