JSON-LD responses for core ontologies don't contain CORS headers; limits browser clients from Alex Kreidler on 2020-10-25 (public-linked-json@w3.org from October 2020)

From: Alex Kreidler <alexkreidler2020@gmail.com>
Date: Sat, 24 Oct 2020 20:16:38 -0400
To: public-linked-json@w3.org, semantic-web@w3.org
Message-ID: <CABRqtpgQsEortoNQikgjDQCneBvM24ECVi3gSxQfB6jaA55FAw@mail.gmail.com>

Hi all,

I have a web app that requests some core schemas/ontologies: rdf and rdfs,
which are hosted by the W3C.

It uses content negotiation with an accept header that has JSON-LD as a
high priority via the q mime parameter.

However, I noticed that I was getting CORS errors when running in the
browser.

I then tested on the command line using HTTPie (could also reproduce with
CURL), and noticed that in each instance for those two schemas, when the
server responded with the JSON-LD, it omitted the
Access-Control-Allow-Origin header, which allows CORS to work.

Here is a pastebin of that output
<https://privatebin.net/?d4c541d948d56b18#5dNEGhoVWL7hwLt1umF6yjeb3vJfprporXE6ZoGzYSYj>.
I only included HEAD requests for brevity, but the GETs had the same issue.

I'd really appreciate it if anyone could reproduce the issue, and then give
me some feedback on steps to take to fix it, because I'm not sure who
exactly maintains the ontologies and the server or what code handles adding
the appropriate headers.

Thanks!

Received on Sunday, 25 October 2020 00:19:53 UTC