apache / couchdb-fauxton

Fauxton is the new Web UI for CouchDB

Home Page: https://github.com/apache/couchdb-fauxton

Content Security Policy violation errors following local development setup when attempting to start dev

iamgollum opened this issue · comments

I have been following the guide(s) - readme.md and read the guide on contributing. When I execute npm run dev with couchdb up 'n running in docker and the settings.json modified accordingly, I get a Content Security violation in Chrome Version 75.0.3770.100 (Official Build) (64-bit) on the latest MacBook Pro as of this writing:

Refused to connect to '<URL>' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

default-src 'self' should work for same-origin when applying host: "http://localhost:5984"

I was playing around with https://csp-evaluator.withgoogle.com/ using the defaultHeaderValue in devserver.js but to no avail. (On an unrelated note, Google is saying you can restrict object src to 'none' .. new issue?)

This is blocking me from completing local development setup and it would be my pleasure to contribute and fix some UI issues I found.

@iamgollum Have you enabled CORS on your local CouchDB?

@popojargo sounds like the Readme needs to be updated... let me check ... would not have thought to enable CORS on the couch side of things...following this: https://docs.couchdb.org/en/1.3.0/cors.html

@popojargo after many attempts to grep and find the CouchDB installation directory where the cors files live (including manually using Finder on my mac to dig into the Applications Folder but to no avail), I ended up finding this handy library script and it worked:

https://github.com/pouchdb/add-cors-to-couchdb

I think this should be mentioned in the Readme? What do you think?

You can probably add a note or a FAQ in the CONTRIBUTING.md file :)

Also, you can normally enable CORS in the Fauxton UI (under Config > CORS)

@Poltergeist the config link was broken for me :( - maybe I did something wrong. I'll submit a PR tomorrow for the readme. I'll tag it under this issue - cool?
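
The fallback named in the error message quoted in this issue, as an added example that is not part of the original thread or of Fauxton's code: a simplified check of which CSP directive governs a fetch/XHR and whether `'self'` covers the target. The page origin `http://localhost:8000` and the second policy are constructed assumptions; only `'self'`, `'none'` and explicit origins are modelled, and `'self'` is compared as an exact origin.

```javascript
// Parse a CSP header value into a Map of directive name -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored by browsers; the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Does one source expression allow the target URL, given the page's origin?
function sourceMatches(source, target, pageOrigin) {
  if (source === "'none'") return false;
  // Simplified: 'self' is treated as an exact scheme + host + port match.
  if (source === "'self'") return target.origin === pageOrigin;
  try {
    return new URL(source).origin === target.origin; // explicit origin source
  } catch {
    return false; // wildcards, bare hosts and other keywords are not modelled
  }
}

// Decide whether a fetch/XHR to requestUrl is allowed and which directive decided.
function checkConnect(policy, pageUrl, requestUrl) {
  const directives = parseCsp(policy);
  // connect-src governs fetch/XHR; when it is absent, default-src is the fallback.
  const directive = directives.has('connect-src') ? 'connect-src'
    : directives.has('default-src') ? 'default-src' : null;
  if (directive === null) return { allowed: true, directive };
  const target = new URL(requestUrl);
  const pageOrigin = new URL(pageUrl).origin;
  const allowed = directives.get(directive)
    .some((s) => sourceMatches(s, target, pageOrigin));
  return { allowed, directive };
}

// Constructed inputs: PAGE is an assumed dev-server origin (not stated in the issue);
// COUCH uses the CouchDB host quoted in the issue.
const PAGE = 'http://localhost:8000/';
const COUCH = 'http://localhost:5984/';

console.log(checkConnect("default-src 'self'", PAGE, COUCH));
console.log(checkConnect("default-src 'self'; connect-src 'self' http://localhost:5984", PAGE, COUCH));
```
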