broken security policy

In the PouchDB issue tracker there are a number of comments about compatibility with older version of webkit. I am experiencing this issue on Ubuntu Precise (libqtwebkit4-2.2.1-1ubuntu4) but not on Ubuntu Saucy (libqtwebkit4-2.3.2-0ubuntu3).

Also on Windows with PyQt4-4.10.3-gpl-Py2.7-Qt4.8.5-x64.exe from http://www.riverbankcomputing.com/software/pyqt/download.

A patch for __init__.py is required for loading the javascript on Windows. This just removes the hardcoded / separators and lets os.path.join do all the work.

def _collectJSFiles():
 #the pouchdb source tree
 startPaths = [
  os.path.join(utils.dataDir, "pouchdb-source", "pouch.js"),
  os.path.join(utils.dataDir, "pouchdb-source", "pouch.utils.js")
 ]
 depsPaths = glob.glob(os.path.join(utils.dataDir, "pouchdb-source", "deps", "*.js"))
 srcPaths = glob.glob(os.path.join(utils.dataDir, "pouchdb-source", "*.js"))
 adapterPaths = glob.glob(os.path.join(utils.dataDir, "pouchdb-source", "adapters", "*.js"))
 adapterPaths = [p for p in adapterPaths if not "leveldb" in p]
 pluginPaths = glob.glob(os.path.join(utils.dataDir, "pouchdb-source", "plugins", "*.js"))

I've been developing Python-PouchDB on Ubuntu Saucy mostly, I ran the test suite on Ubuntu Precise for a while too, but I never got rid of that security error under all circumstances. There is a variable you can set that helped a bit under some circumstances IIRC, though:
http://pythonhosted.org/Python-PouchDB/#pouchdb.baseUrl

Apart from that newer WebKit/Qt versions are just the easiest fix I'm afraid. With Trusty soon becoming the next LTS the problem will hopefully just disappear over time. That the latest Windows version of PyQt4 also has an old webkit is worrying though. I'll try updating the PouchDB JS code sometime soon though, upstream is moving very rapidly lately and I think it might solve at least one older webkit bug that's currently present concerning blobs.

As for the Windows patch, I'll apply that at the same time. In the meantime, please tell me if setting the baseUrl variable helps any for the original bug...

import pouchdb

pouchdb.baseUrl = 'http://localhost:5984/'

db = pouchdb.PouchDB('example')
db.put({"_id": "mytest"})
doc = db.get('mytest')
print(doc)

>>> {u'_rev': u'1-36d7c63ac49a17e9e7f2c316a5b00dde', u'_id': u'mytest'}

baseUrl does change it. it doesn't work in ipython (hangs at db.put) but running it as standalone file works well. will explore more later.

thanx

Hanging mostly happens because of the asynchronous -> synchronous code. It works more or less like this:

- call the js function with a dummy python code callback
- while not (python callback called):
  - qt event loop.runOnce()
- return result passed into the python callback.

This means that if something goes wrong in the JS code which causes it to not reach the place where the python callback is called, the loop is never broken. Note that this can't generate an error that reaches the JS console, because in that case, the loop is broken and a JSError is raised. At least, theoretically. :P

Setting the baseUrl solves this issue for me too under both Windows and Ubuntu Precise.

Thanks:)

Ok, so in the meantime I pretty much rewrote the API to catch up with PouchDB 2.0 and later. the baseUrl parameter now has a more prominent place, and newer versions of Qt should do the rest. Going to close this as Fix Released (I don't do 'Fix Committed'). Will be in the next release. (i.e. 0.3)