CouchApps No Longer Work
Cloudant mainly stores JSON documents in collections called databases, but Cloudant also has the ability to store attachments in Cloudant documents. An attachment is a binary blob of data with a file name and mime type. It could be a PDF, a JPG or a Word document.
Photo by Jose Fontano on Unsplash
Cloudant no longer permits CouchApp scripts 🔗
.js files or in
<script> tags) will be barred from execution on the client machine.
The reason for this change is to close a security loophole which could lead to privilege escalation and malicious data access.
Regular attachments will continue to work 🔗
Regular document attachments will continue to work as normal, the only difference being the addition of the
Content-Security-Policy header on attachment retrieval which should not affect normal operation.
Alternatives to CouchApps 🔗
Static websites have become very popular in recent years and there many better places for hosting static content than in a database:
- GitHub Pages allows files in a git repository to be served out on the web, with custom domain name an HTTPS support for free.
- Netlify offers a similar git-based workflow to GitHub Pages but adds the ability to add serverless functions into the mix.
- or, any number of website hosting offerrings.
Cloudant can be configured to permit cross-domain requests by enabling CORS in the Cloudant Dashboard: you may choose to allow requests from any domain, or to a list of specified domains.
The combination of a static hosting service and Cloudant with CORS enabled, should allow CouchApp-like functionality to be reproduced.