Configure CORS
Configure Cross-Origin Resource Sharing (CORS) to allow browser-based clients and JavaScript SDKs to replicate directly with Couchbase Edge Server.
Prerequisites
-
Couchbase Edge Server {version} or later.
-
CORS is disabled by default. You must explicitly enable it in the server configuration.
About CORS in Couchbase Edge Server
Modern browsers enforce strict origin validation for cross-site network requests. Without CORS support, browser-based clients, including the Couchbase Lite JavaScript SDK, cannot replicate with Couchbase Edge Server when the client origin differs from the Couchbase Edge Server host.
Couchbase Edge Server supports a single configurable CORS policy defined at the server level. When CORS is enabled, Couchbase Edge Server handles preflight requests and applies the configured origin, header, and age policies to responses.
Authentication and authorization are enforced consistently regardless of whether replication occurs via browser or native clients.
Configure CORS
Add a cors block to the top-level server configuration.
{
"cors": {
"origin": ["https://example.com", "https://app.example.com"],
"headers": ["Content-Type", "Authorization"],
"max_age": 86400
},
"databases": {
"mydb": { }
}
}
| Property | Type | Description |
|---|---|---|
|
Array of strings |
The list of allowed origins.
Use |
|
Array of strings |
The list of HTTP headers that browser clients are allowed to include in requests. |
|
Integer |
The duration in seconds that browsers can cache preflight response results. This reduces the number of preflight requests sent by the browser. |
Next Steps
-
To configure authentication for browser-based clients, see Authentication.
-
To review available REST API operations, see Edge Server REST API.