Our Angular (dart) application is making use of the SyncGateway public API in order to access a Couchbase repository. The authorization was being done with the Session SetCookie header . It was working fine when our SyncGateway was set up without CORS.
However, the browser where our application is running will refuse to send any request if the SyncGateway is set up with a CORS origin list. The culprit seems to be the WWW-Authentication response header returned by the SyncGateway, which is set to "Basic realm=‘Sync Gateway’ . If our application is changed to use a Basic Authorization header, the browser will then be working again.
Is it a known issue? Or am I missing something here.
We would really like to stick to using a Session instead of a credential with username and password, as our users would be from an external OAuth source.
Would someone shed some light on this issue.?
Any help would be highly appreciated.