W3C home > Mailing lists > Public > public-ldp@w3.org > March 2016

Does paging with redirects break under CORS?

From: Maik Riechert <m.riechert@reading.ac.uk>
Date: Mon, 21 Mar 2016 12:39:38 +0100
To: public-ldp@w3.org
Message-ID: <56EFDD7A.20101@reading.ac.uk>
Hi all,

I recently implemented a custom REST API (not LDP based) and came across 
an issue which is relevant for LDP paging as well I think. The issue is 
recorded at 
but I'll describe it in the following as well.

The problematic workflow is "4.2 Simple paging flow using redirects" 
(https://www.w3.org/TR/ldp-paging/#ldpp-ex-paging-303). If the resources 
are queried by a browser via AJAX from a different origin such that 
cross-origin requests apply, the following happens:
- [GET /customer-relations]
   - deferred because Prefer header triggers pre-flight request
- OPTIONS /customer-relations
   - Browser asks the server whether sending Prefer header is ok
   - server answers: 200 OK if cross-domain requests are allowed, which 
we assume here
- GET /customer-relations
   - answer: HTTP/1.1 303 See Other with Location redirect
   - browser fails with "XMLHttpRequest cannot load /customer-relations. 
The request was redirected to 
'http://example.org/customer-relations?page1', which is disallowed for 
cross-origin requests that require preflight.

Note that I haven't tested this with an actual LDP server but since I 
see no difference to my own API and server, I assume this would happen 
for LDP as well.

Are people aware of that? Is there any recommended solution?

Received on Monday, 21 March 2016 11:40:07 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:16:41 UTC