Cannot connect due to CORS error

[thany]

Abstract

Suddenly, I can no longer connect to the couchdb server, but only on desktop. On mobile it still works perfectly fine. So with that, the server is configured correctly, afaict.

On desktop though, I'm getting this:

18/12/2023, 10:57:22->HTTP:GET to:/ -> failed
18/12/2023, 10:57:22->TypeError:Failed to fetch
18/12/2023, 10:57:22->TypeError:Failed to fetch
18/12/2023, 10:57:22->could not connect to https://***** : obsidian 
(TypeError:Failed to fetch
**Note** This error caused by many reasons. The only sure thing is you didn't touch the server.
To check details, open inspector.)

Inspector:

Expected behaviour

• Synchronisation ends with the message Replication completed
• Everything synchronised

Actually happened

See error above.

Reproducing procedure

1. Let it sync.

Honestly, I don't know what caused this. If I knew I could provide repro steps more accurately. That's kind of a catch-22, isn't it.

Report from the LiveSync

For more information, please refer to Making the report.

Report from hatch

----remote config----
chttpd:
  bind_address: any
  port: "5984"
admins: 𝑅𝐸𝐷𝐴𝐶𝑇𝐸𝐷
vendor:
  name: The Apache Software Foundation
feature_flags:
  partitioned||*: "true"
chttpd_auth:
  hash_algorithms: sha256, sha
  secret: a51e965b21a73de53a48ff1933e6afb7
indexers:
  couch_mrview: "true"
prometheus:
  additional_port: "false"
  bind_address: 127.0.0.1
  port: "17986"
httpd:
  bind_address: 127.0.0.1
  port: "5986"
smoosh:
  state_dir: ./data
couch_httpd_auth:
  authentication_db: 𝑅𝐸𝐷𝐴𝐶𝑇𝐸𝐷
  secret: 𝑅𝐸𝐷𝐴𝐶𝑇𝐸𝐷
  authentication_redirect: 𝑅𝐸𝐷𝐴𝐶𝑇𝐸𝐷
couchdb_engines:
  couch: couch_bt_engine
couchdb:
  database_dir: ./data
  uuid: 𝑅𝐸𝐷𝐴𝐶𝑇𝐸𝐷
  view_index_dir: ./data

---- Plug-in config ---
version:0.19.23
couchDB_URI: self-hosted
couchDB_USER: 𝑅𝐸𝐷𝐴𝐶𝑇𝐸𝐷
couchDB_PASSWORD: 𝑅𝐸𝐷𝐴𝐶𝑇𝐸𝐷
couchDB_DBNAME: 𝑅𝐸𝐷𝐴𝐶𝑇𝐸𝐷
liveSync: false
syncOnSave: false
syncOnStart: false
savingDelay: 200
lessInformationInLog: false
gcDelay: 0
versionUpFlash: ""
minimumChunkSize: 20
longLineThreshold: 250
showVerboseLog: true
suspendFileWatching: false
trashInsteadDelete: true
periodicReplication: false
periodicReplicationInterval: 60
syncOnFileOpen: false
encrypt: false
passphrase: 𝑅𝐸𝐷𝐴𝐶𝑇𝐸𝐷
usePathObfuscation: false
doNotDeleteFolder: false
resolveConflictsByNewerFile: false
batchSave: false
deviceAndVaultName: ""
usePluginSettings: false
showOwnPlugins: false
showStatusOnEditor: true
usePluginSync: false
autoSweepPlugins: false
autoSweepPluginsPeriodic: false
notifyPluginOrSettingUpdated: false
checkIntegrityOnSave: false
batch_size: 50
batches_limit: 40
useHistory: true
disableRequestURI: true
skipOlderFilesOnSync: true
checkConflictOnlyOnOpen: false
syncInternalFiles: false
syncInternalFilesBeforeReplication: false
syncInternalFilesIgnorePatterns: \/node_modules\/, \/\.git\/, \/obsidian-livesync\/
syncInternalFilesInterval: 60
additionalSuffixOfDatabaseName: ""
ignoreVersionCheck: false
lastReadUpdates: 19
deleteMetadataOfDeletedFiles: false
syncIgnoreRegEx: ""
syncOnlyRegEx: ""
customChunkSize: 100
readChunksOnline: true
watchInternalFileChanges: true
automaticallyDeleteMetadataOfDeletedFiles: 0
disableMarkdownAutoMerge: false
writeDocumentsIfConflicted: false
useDynamicIterationCount: false
syncAfterMerge: false
configPassphraseStore: ""
encryptedPassphrase: 𝑅𝐸𝐷𝐴𝐶𝑇𝐸𝐷
encryptedCouchDBConnection: 𝑅𝐸𝐷𝐴𝐶𝑇𝐸𝐷
permitEmptyPassphrase: false
useIndexedDBAdapter: true
useTimeouts: false
writeLogToTheFile: false
doNotPaceReplication: false
hashCacheMaxCount: 300
hashCacheMaxAmount: 50
concurrencyOfReadChunksOnline: 100
minimumIntervalOfReadChunksOnline: 333
hashAlg: xxhash64
suspendParseReplicationResult: false
doNotSuspendOnFetching: false
useIgnoreFiles: false
ignoreFiles: .gitignore
syncOnEditorSave: false
pluginSyncExtendedSetting: {}

Obsidian debug info

Debug info

SYSTEM INFO:
	Obsidian version: v1.4.16
	Installer version: v1.4.16
	Operating system: Windows 10 Pro 10.0.19045
	Login status: not logged in
	Insider build toggle: off
	Live preview: off
	Legacy editor: off
	Base theme: dark
	Community theme: none
	Snippets enabled: 0
	Restricted mode: off
	Plugins installed: 1
	Plugins enabled: 1
		1: Self-hosted LiveSync v0.19.23

RECOMMENDATIONS:
	Community plugins: for bugs, please first try updating all your plugins to latest. If still not fixed, please try to make the issue happen in the Sandbox Vault or disable community plugins.

Plug-in log

See above.

Network log

See above.

Other information, insights and intuition.

Obsidian itself is up-to-date, the plugin is up-to-date, and couchdb is at 3.3.3.
This problem happens with an admin account as well as with a normal user account.

Just as a heads-up: "Check database configuration" cannot work, because it cannot connect. But again, I didn't touch neither the config nor the server, so the config should still work. And it works on mobile, so it's good.

[dlphnkck]

Hi. I am not familiar with the LiveSync plugin, but I have a question.
Is the LiveSync plugin version up-to-date?

Debug info
1: Self-hosted LiveSync v0.19.23

The current LiveSync plugin latest is v0.21.5. (Releases · vrtmrz/obsidian-livesync)

I apologize if this is not relevant.

[thany]

It is up-to-date now 😀

But it didn't help to resolve the issue, unfortunately.

[tecix]

@thany I had similar issue and found out it was because of the attachment files.
You should check the configuration with nginx to allow the sync for bigger file size.

Try to put this in nginx conf and restart the service:
client_max_body_size 100M;

[thany]

I have couchdb running in a docker container, and cannot find a nginx config anywhere. Can you point out where I'm supposed to add that config line exactly?

At the filesystem root, find | grep nginx yields 0 results.

Btw, couchdb is an Apache project, so why would they use nginx for the webserver part? 😀

Oh and also, if filesize is the problem, then should it not be able to connect to couchdb in the first place? Because before that happens, it has no chance of even trying to send any file.

[tecix]

I use Nginx for the reverse proxy to access livesync server via a domain name.
Maybe this is a difference issue of mine.

[thany]

And sure I can enable CORS in couchdb itself, but then two more questions would arise:

1. What domain should I fill in to allow? Because I'm obviously not going to allow everything. Couchdb admin says to has to start with http/https, but Obsidian is not a website.
2. Obsidian is a desktop application, so why would it need CORS in the first place? cmiiw, but CORS is meant communication from javascript on a website to another domain. But in this case, there's no domain to be had...

[vrtmrz]

I am really sorry, and, thank you all for your patience and cooperation!

And sure I can enable CORS in couchdb itself, but then two more questions would arise:

We should enable CORS in CouchDB and leave handlings to it. CouchDB will pick a suitable origin for each request from configured values. Each platform uses a different origin.

1. app://obsidian.md, capacitor://localhost and http://localhost should be set. This can be configurable by the Check button; from the Check database configuration of the setting dialogue in Self-hosted LiveSync on Obsidian. (I think that this button could be Doctor as in some traditions).
   Note: it could not be configurable from the Web UI. We have to configure it by using REST API or editing INI files.
2. I have been so surprised as same on you. Obsidian is built on the web technology. The desktop version uses app://obsidian.md for the origin. (app is not the actual protocol scheme, but a real one.) This can be revealed by evaluating window.location.origin in DevTools. As noted above, this varies from platform to platform.

[thany]

1. This can be configurable by the Check button; from the Check database configuration of the setting dialogue in Self-hosted LiveSync on Obsidian.

Except the problem is that it too, will throw the same CORS error. But it can be added forcibly on the "Main config" page in the couchdb admin config. Not sure if that's a "healthy" thing to do, because the requirement for http/https is probably there for a reason.

Either way, I don't believe Obsidian should behave like it's a faux website. I'm not sure where this should be fixed if possible. Is it a bug in Obisidan, or maybe in Electron?

[vrtmrz]

Thank you for your good point! I have looked into it again, to find what should it be to the origin.
Then, I collected some information. Let me share it.

CouchDB can accept origins which have non-HTTP schemes neither via HTTP API nor the ini file. A CORS origin could have them, this would be based on old-fashioned CORS specification (RFC-6454 and RFC-3986).
RFC-3986 seems to be refined as URL Living Standard, these are defined as special-scheme in it.
Therefore, this could be the problem of Fauxton; which is the web-frontend of CouchDB. However, it is web-frontend and may be designed that way as far as I looking at issues on their repo.

On the other hand, iOS and Electron use non special-scheme.
iOS (Based on Capacitor) seems to use capacitor://localhost as this. I could not find the exact source of the information, but Electron uses app:// in their sample

This might mean that it seems to be well-designed in each their area; even though if they makes very complicated situation for us.

I hope that my information will help us!

[baruchiro]

Hi, I tried configuring it as written here, but it is not working; I still receive CORS.

My DB is accessible via Cloudflare Zero Trust Tunnel. Has anyone experienced a similar problem?

[thany]

I'm using Git by now. Works a million times better, even if not considering the CORS issue. But CORS and Git have never had problems with each other, and it continues to be like that. Again, not sure if the server (github) just happens to be configured correctly, but I keep repeating myself, in that a desktop application should do any CORS things whatsoever. CORS is for websites.

[vrtmrz]

I will reply properly later, but the Origin in "CROSS ORIGIN RESOURCE SHARING" is clearly meant to express the boundary aspects of the security context, and of course, the desktop has the origin of a desktop. It should be. This is also established in the RFCs as previously mentioned. It should not be underestimated, especially in CouchDB, the native web-based database.

Incidentally, we can currently connect to periodic sync ignoring CORS. A warning is displayed, though. (We display warnings. We can hide them. If someone needs an option, I could implement this as our risk. However, changing the configuration is the better solution, I think).
This is due to Obsidian's API, which cannot be used with LiveSync due to the number of simultaneous connections.

I have explained this because you asked, and this was not intended to rudely enlighten you. This could only mean that we simply need documentation. I am sorry to put it this way, but I hope you will give it some thought before making any assurances. We would love to be humble with each other.

[vrtmrz]

@baruchiro

I said later, but I am replying from my smartphone as I am about to miss the time. Please forgive me for the lack of coherent writing.

Sorry for the delay, do you have verbose logging enabled?
If enabled, the current version should show the content, even with CORS errors.

In particular, if the gateway returns a response, e.g. on Cloudflare, it will always be detected as a CORS error, as the CORS header is not sent.

If nothing is shown, would you mind if I asked you to share a report with me which can be generated by the Hatch pane, please?

[baruchiro]

Thank you so much for your help!
You truly deserve appreciation – you're patient, respectful, and dedicated, and it's not something I take for granted.

I've spent way too much time on this over the past few days, so I'm going to put it aside for now.
Currently, sync works on my computer using Service Auth, but on my phone it doesn't work outside the home network because I can't set custom headers there.

I was also thinking – maybe it would be helpful to start a Discord community for this project? I sometimes feel hesitant to ask small questions here, like how to get logs and so on.

Thanks again!

[vrtmrz]

I apologise for the hand-wringing response (even if I had deep thoughts about it). Quite simply, CORS can be ignored on v0.24.26.
You can read about that idea, ideology, and the conflict so far in (#632).
And why it appears to be a change of heart.
If you are interested, I hope you will read it.

@baruchiro
I speak English poorly and, sometimes, can be quite rude, so real-time conversations are not really suited to me, and I had been feeling intimidated.
Also, with Discord, some people might not be able to connect due to censorship or restrictions, and I think that should not be suitable for keeping knowledge open. The same goes for other messaging platforms (I have been asked about Telegram a few times).

So, if I am going to use it, I would prefer something a bit more open, self-hostable and well-connected, for example, a distributed platform like Nostr (I already posted occasionally).

I thought it was a very good opportunity, so I decided to create Self-hosted LiveSync Channel on Nostr for trial. Why don't you try it with us? However, I do speak broken English. Always, Grammarly is just guiding me. Without it, some things may not make sense. Please feel free to point it out.

Otherwise, you can also ask me directly on Nostr.
If you do not mind other daily posts in Japanese, you can also ask me on
Another Nostr Account or X formar Twitter. The Japanese account is usually selected and might reply a bit quicker.

Anyway, please do not hesitate to ask directly! I always welcome your messages! (If you think I may have forgotten to respond, please don't hesitate to point it out. Indeed, I do forget often).

Finally, I would love to thank everyone who has participated in this conversation once again and close this issue for now! Every conversation is inherently a contribution, and I appreciate your patience and contributions.

[baruchiro]

@vrtmrz, I will continue on Nostr, but why are all the links directed to https://njump.compile-error.net/? 😂

[vrtmrz]

@baruchiro
This njump instance was hosted by mattn_jp, and I remembered that it did not work with njump.me.

However, when I checked it just now, I realised that there was a simple link error.

I will also update my profile, but the following are them in njump.me!

• Nostr (en)
• Another Nostr

Thank you for pointing that out!