PouchDB/Ionic 2 - use of "Cookie" header for authentication

I have developed an app that uses Ionic 2 and PouchDB connected to CouchBase and SyncGateway.
Since the web browsers used in Ionic 2 do not accept the direct set of a header named “Cookie”, which is required for the authentication of the user to SyncGateway, I am forced to use a Proxy Server that converts a general header into a “Cookie” header and transfer the request to SyncGateway port on the server.
Everything is working fine, but I would like to know if it is foreseen for CouchBase team to solve this issue, possibly by allowing a different header name as authentication cookie or if there is any other workaround that does not require a proxy server.

Where are you getting the cookie from? Ordinarily you would POST credentials to SG’s session endpoint, which would include a Set-Cookie header in its response. From then on your browser will send the Cookie header automatically, as with any other website.

Sync Gateway also supports HTTP Basic auth (which you should use only over SSL, of course.)

Hey Jens.
I get the cookie from a dedicated login server, that access the admin server port on SG and returns the Set-Cookie header for the user.
Then the process to sync PouchDB requires to create a sync session between the local and the remote db, something like this:

this.db = new PouchDB("local_bucket");
this.remote_db_options = {
        include_docs: true,
        attachments: false,
        crossDomain: true,
        withCredentials: true,
        skipSetup: true,
        ajax: {
          cache: false,
          timeout: 10000,
          headers: {
            'Content-Type': 'application/json',
            'Cookie': ...set-cookie-value...
let remote_db = new PouchDB("http://62.149.xxx.xxx:4984/bucket_name", this.remote_db_options);
this.syncHandler = this.db.sync(remote_db, {
      live: true,
      retry: true

If this is done using “Cookie” as header, then I always get an error:

Refused to set unsafe header “Cookie”

It applies to web browser, Cordova on Android and Cordova on iOS (but only if WKWebView is used).
The only solution I found is to have a proxy server and set the header as “Proxy-Cookie”, but it would be really nice if SG gets this option natively, so to avoid an extra proxy server.

You should probably move the login server so it’s on the same host as SG. The cookie set by the login response would then be sent by the browser when you send requests to SG. (I can’t remember whether it needs to be on the same port too. If so, you can use a proxy to map it there.)

Sorry Jens, the login server is already on the same host as SG and it’s only used by the app to access the admin port of SG and retrieve the set-cookie.
The app is installed on a mobile device (native Android or iOS) using Ionic 2 and Cordova.
Cordova and the related web browser does not allow to set a “Cookie” header (refer also to older post Sync Gateway Cookie Auth with Cordova).
I am using PouchDB, but this is applicable also to other similar methods like the post above.
Since Ionic and similar hybrid platforms are becoming quite popular, I think CouchBase team should take a look into this problem, because the only alternative would be to use CouchBase Cordova plugin, which does not have the same advantages of PouchDb.