W3C home > Mailing lists > Public > public-lod@w3.org > October 2010

Re: Please allow JS access to Ontologies and LOD

From: Hugh Glaser <hg@ecs.soton.ac.uk>
Date: Wed, 27 Oct 2010 21:57:11 +0000
To: "nathan@webr3.org" <nathan@webr3.org>
CC: Linked Data community <public-lod@w3.org>
Message-ID: <EMEW3|7e6883471dacad22314d51cd344f66a7m9QMve02hg|ecs.soton.ac.uk|C8EE5A01.DAE0%hg@ecs.soton.ac.uk>
(Gone down to LOD list only.)

Thanks William - yes, that works fine as is in the
/etc/httpd/conf/httpd.conf (to correct the usual path from my email).
Put it at the end of Section 2, although I guess where is not very
important.

On 27/10/2010 22:31, "Nathan" <nathan@webr3.org> wrote:

>Cheers Hugh,
>
>Actually IIRC having two of them (well "*,*" is a problem - do see:
>
>  http://httpd.apache.org/docs/2.0/mod/mod_headers.html
>
>For full details, short version is:
>
>   "The directives provided by mod_headers can occur almost anywhere
>within the server configuration. They are valid in the main server
>config and virtual host sections, inside <Directory>, <Location> and
><Files> sections, and within .htaccess files."
Sorry, not sure if you are saying two is a problem.
(And can't quite make it out from the doc.)
Will try to work out why sometime (probably something to do with the way
we trap 404 to generate the document), but am hoping it is OK for the
moment.
Best

curl -I "http://www.sameas.org/json?uri=http://dbpedia.org/resource/London"
curl -I "http://www.sameas.org/rdf?uri=http://dbpedia.org/resource/London"
curl -I "http://www.sameas.org/?uri=http://dbpedia.org/resource/London"
curl -I http://southampton.rkbexplorer.com/id/person-00173
are fine, but the rkb docs suffer:
curl -I http://southampton.rkbexplorer.com/description/person-00173
curl -I http://southampton.rkbexplorer.com/data/person-00173

>
>Best,
>
>Nathan
>
>Hugh Glaser wrote:
>> Great stuff - thanks for the advice.
>> Done for sameas.org and *.rkbexplorer.com
>> 
>> However, did it via .htaccess, and would prefer to do it in
>> /etc/httpd/http.conf, not least because the vhosts seems to make it end
>>up
>> with two of them (which I assume is not illegal?)
>> Can anyone tell me the http.conf line that does the same thing, to help
>>a
>> lazy citizen :-)
>> 
>> Cheers
>> 
>> On 23/10/2010 02:28, "Nathan" <nathan@webr3.org> wrote:
>> 
>>> Hi Ian,
>>>
>>> Thanks, I can confirm the change has been successful :)
>>>
>>> However, one small note is that the conneg URIs such as
>>> http://productdb.org/gtin/00319980033520 do not expose the header, thus
>>> can't be used.
>>>
>>> In order to test yourself, simply do a curl -I request on the resource,
>>> for instance:
>>>
>>>  curl -I http://productdb.org/gtin/00319980033520.rdf
>>>
>>> Also, I've just uploaded a small script which lets you enter a uri of
>>>an
>>> RDF/XML document, it'll try and pull it, parse it and display it as
>>> turtle for you - which is a good test of both CORS and the script ;)
>>>   http://webr3.org/apps/play/api/test
>>>
>>> FYI, Dan has also made the change so the FOAF vocab is now exposed to
>>>JS.
>>>
>>> Best and thanks again,
>>>
>>> Nathan
>>>
>>> Ian Davis wrote:
>>>> Hi Nathan,
>>>>
>>>> I implemented this header on http://productdb.org/ (since I had the
>>>> code open). Can someone comfirm that it does what's expected (i.e.
>>>> allows off-domain requesting of data from productdb.org)
>>>>
>>>> One important thing to note. The PHP snippet you gave was slightly
>>>> wrong. The correct form is:
>>>>
>>>> header("Access-Control-Allow-Origin: *");
>>>>
>>>> Cheers,
>>>>
>>>> Ian
>>>>
>>>>
>>>> On Sat, Oct 23, 2010 at 12:04 AM, Nathan <nathan@webr3.org> wrote:
>>>>> Hi All,
>>>>>
>>>>> Currently nearly all the web of linked data is blocked from access
>>>>>via
>>>>> client side scripts (javascript) due to CORS [1] being implemented in
>>>>> the
>>>>> major browsers.
>>>>>
>>>>> Whilst this is important for all data, there are many of you reading
>>>>> this
>>>>> who have it in your power to expose huge chunks of the RDF on the web
>>>>> to JS
>>>>> clients, if you manage any of the common ontologies or anything in
>>>>>the
>>>>> LOD
>>>>> cloud diagram, please do take a few minutes from your day to expose
>>>>>the
>>>>> single http header needed.
>>>>>
>>>>> Long story short, to allow js clients to access our "open" data we
>>>>> need to
>>>>> add one small HTTP Response header which will allow HEAD/GET and POST
>>>>> requests - the header is:
>>>>>  Access-Control-Allow-Origin "*"
>>>>>
>>>>> This is both XMLHttpRequest (W3C) and XDomainRequest (Microsoft)
>>>>> compatible
>>>>> and supported by all the major browser vendors.
>>>>>
>>>>> Instructions for common servers follow:
>>>>>
>>>>> If you're on Apache then you can send this header by simply adding
>>>>>the
>>>>> following line to a .htaccess file in the dir you want to expose
>>>>> (probably
>>>>> site-root):
>>>>>  Header add Access-Control-Allow-Origin "*"
>>>>>
>>>>> For NGINX:
>>>>>  add_header Access-Control-Allow-Origin "*";
>>>>> see: http://wiki.nginx.org/NginxHttpHeadersModule
>>>>>
>>>>> For IIS see:
>>>>>  http://technet.microsoft.com/en-us/library/cc753133(WS.10).aspx
>>>>>
>>>>> In PHP you add the following line before any output has been sent
>>>>>from
>>>>> the
>>>>> server with:
>>>>>  header("Access-Control-Allow-Origin", "*");
>>>>>
>>>>> For anything else you'll need to check the relevant docs I'm afraid.
>>>>>
>>>>> Best & TIA,
>>>>>
>>>>> Nathan
>>>>>
>>>>> [1] http://dev.w3.org/2006/waf/access-control/
>>>>>
>>>>>
>>>>
>>>
>> 
>> 
>> 
>
Received on Wednesday, 27 October 2010 21:58:15 UTC

This archive was generated by hypermail 2.3.1 : Sunday, 31 March 2013 14:24:29 UTC