W3C home > Mailing lists > Public > public-lod@w3.org > October 2010

Re: Please allow JS access to Ontologies and LOD

From: Nathan <nathan@webr3.org>
Date: Wed, 27 Oct 2010 22:31:19 +0100
Message-ID: <4CC89A27.9050100@webr3.org>
To: Hugh Glaser <hg@ecs.soton.ac.uk>
CC: Ian Davis <lists@iandavis.com>, Linked Data community <public-lod@w3.org>, Semantic Web <semantic-web@w3.org>, foaf-protocols <foaf-protocols@lists.foaf-project.org>
Cheers Hugh,

Actually IIRC having two of them (well "*,*" is a problem - do see:

  http://httpd.apache.org/docs/2.0/mod/mod_headers.html

For full details, short version is:

   "The directives provided by mod_headers can occur almost anywhere 
within the server configuration. They are valid in the main server 
config and virtual host sections, inside <Directory>, <Location> and 
<Files> sections, and within .htaccess files."

Best,

Nathan

Hugh Glaser wrote:
> Great stuff - thanks for the advice.
> Done for sameas.org and *.rkbexplorer.com
> 
> However, did it via .htaccess, and would prefer to do it in
> /etc/httpd/http.conf, not least because the vhosts seems to make it end up
> with two of them (which I assume is not illegal?)
> Can anyone tell me the http.conf line that does the same thing, to help a
> lazy citizen :-)
> 
> Cheers
> 
> On 23/10/2010 02:28, "Nathan" <nathan@webr3.org> wrote:
> 
>> Hi Ian,
>>
>> Thanks, I can confirm the change has been successful :)
>>
>> However, one small note is that the conneg URIs such as
>> http://productdb.org/gtin/00319980033520 do not expose the header, thus
>> can't be used.
>>
>> In order to test yourself, simply do a curl -I request on the resource,
>> for instance:
>>
>>  curl -I http://productdb.org/gtin/00319980033520.rdf
>>
>> Also, I've just uploaded a small script which lets you enter a uri of an
>> RDF/XML document, it'll try and pull it, parse it and display it as
>> turtle for you - which is a good test of both CORS and the script ;)
>>   http://webr3.org/apps/play/api/test
>>
>> FYI, Dan has also made the change so the FOAF vocab is now exposed to JS.
>>
>> Best and thanks again,
>>
>> Nathan
>>
>> Ian Davis wrote:
>>> Hi Nathan,
>>>
>>> I implemented this header on http://productdb.org/ (since I had the
>>> code open). Can someone comfirm that it does what's expected (i.e.
>>> allows off-domain requesting of data from productdb.org)
>>>
>>> One important thing to note. The PHP snippet you gave was slightly
>>> wrong. The correct form is:
>>>
>>> header("Access-Control-Allow-Origin: *");
>>>
>>> Cheers,
>>>
>>> Ian
>>>
>>>
>>> On Sat, Oct 23, 2010 at 12:04 AM, Nathan <nathan@webr3.org> wrote:
>>>> Hi All,
>>>>
>>>> Currently nearly all the web of linked data is blocked from access via
>>>> client side scripts (javascript) due to CORS [1] being implemented in
>>>> the
>>>> major browsers.
>>>>
>>>> Whilst this is important for all data, there are many of you reading
>>>> this
>>>> who have it in your power to expose huge chunks of the RDF on the web
>>>> to JS
>>>> clients, if you manage any of the common ontologies or anything in the
>>>> LOD
>>>> cloud diagram, please do take a few minutes from your day to expose the
>>>> single http header needed.
>>>>
>>>> Long story short, to allow js clients to access our "open" data we
>>>> need to
>>>> add one small HTTP Response header which will allow HEAD/GET and POST
>>>> requests - the header is:
>>>>  Access-Control-Allow-Origin "*"
>>>>
>>>> This is both XMLHttpRequest (W3C) and XDomainRequest (Microsoft)
>>>> compatible
>>>> and supported by all the major browser vendors.
>>>>
>>>> Instructions for common servers follow:
>>>>
>>>> If you're on Apache then you can send this header by simply adding the
>>>> following line to a .htaccess file in the dir you want to expose
>>>> (probably
>>>> site-root):
>>>>  Header add Access-Control-Allow-Origin "*"
>>>>
>>>> For NGINX:
>>>>  add_header Access-Control-Allow-Origin "*";
>>>> see: http://wiki.nginx.org/NginxHttpHeadersModule
>>>>
>>>> For IIS see:
>>>>  http://technet.microsoft.com/en-us/library/cc753133(WS.10).aspx
>>>>
>>>> In PHP you add the following line before any output has been sent from
>>>> the
>>>> server with:
>>>>  header("Access-Control-Allow-Origin", "*");
>>>>
>>>> For anything else you'll need to check the relevant docs I'm afraid.
>>>>
>>>> Best & TIA,
>>>>
>>>> Nathan
>>>>
>>>> [1] http://dev.w3.org/2006/waf/access-control/
>>>>
>>>>
>>>
>>
> 
> 
> 
Received on Wednesday, 27 October 2010 21:32:21 UTC

This archive was generated by hypermail 2.3.1 : Sunday, 31 March 2013 14:24:29 UTC