Here is an example of this issue in the field as captured from a genuine live overheard conversation on a gitter channel.
csarvenJan 14 22:00
@deiu / @nicola / all.. Could someone please try to help me figure this out: Go to https://dokie.li/ <https://dokie.li/> and 'Sign in' (from the menu at the top right corner) using your WebID in both Firefox and Chrome/ium. Keep the dev console window open and see if you get a 401 on your preferences URL in either one of those browsers. If your prefs is at databox.me that might help understand better. I am able to authenticate (using http and https WebIDs), however when it (simplerdf) tries to get the prefs, Firefox gives me a 401, and Chrome is a 200. The header requests appear to be exactly the same in both browsers.
csarvenJan 14 22:14
In Firefox, I am able GET the prefs in a different tab (for both of the WebID's prefs which are at databox). So I'm suspecting that the issue is closer to SimpleRDF's request in Firefox somehow.
deiuJan 14 22:15
Are you using withCredentials = true flag in your ajax request?
csarvenJan 14 22:16
I was just going to say that.. SimpleRDF doesn't.
deiuJan 14 22:16
It should
csarvenJan 14 22:16
Right.. I thought so: rdf-ext/rdf-ext#52
timbl09:28
...
timbl09:35
This is exactly the issue the TAG were mulling over in my absence in Melbourne. The problem is the library simpleRDF is screwed either way — if it doesn’t set the flag then you don’t get to authenticate, if it does set it then the borwser blocks access to resources with a wildcard CORS header.
<>
