W3C home > Mailing lists > Public > public-ldp@w3.org > January 2015

Statistics on open data available for CORS consumption?

From: Brad Hill <hillbrad@gmail.com>
Date: Tue, 13 Jan 2015 18:22:46 +0000
Message-ID: <CAEeYn8gCRmX6M6kfsEB+QT8StPtRAn8pChCneOJk-EjrEgf8FA@mail.gmail.com>
To: public-ldp@w3.org
Over in the WebAppSec WG, TBL has sparked a discussion on our Mixed Content
draft ( https://w3c.github.io/webappsec/specs/mixedcontent/ ) with concerns
that strict prohibition of inclusion of http data into https web
applications will lock out a good deal of open data on the web.

He gave as an example:


I made a spot sample of the first data set listed on this site, and while
indeed it was only available over http, it also did not appear to set CORS
headers, and so would not be available for consumption by a web platform
mashup app, anyway.

I'd like to get a good sense for the size of the issue here: what data that
is *actually* available to web mashups today would be blocked by stricter
mixed content rules.   (If a site really has no maintainers, I understand
the issue, but if it would need maintenance to add
Access-Control-Allow-Origin: * headers, that same maintainer can almost as
easily turn on https.)

Do any domain experts in LDP have ballpark numbers or even a fuzzy feeling
for the magnitude of open data which:

1) Currently has CORS headers and is usable (and used) today in web
platform mashups


2) Is not available over https


Brad Hill
Co-chair, WebAppSec WG
Received on Tuesday, 13 January 2015 18:23:14 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:16:38 UTC