W3C home > Mailing lists > Public > public-lod@w3.org > May 2010

Re: [pedantic-web] Cross site scripting: CORS and a Javascript library accessing Linked Data

From: nat lu <natlu2809@gmail.com>
Date: Tue, 11 May 2010 00:19:43 +0100
Message-ID: <4BE8948F.6040903@gmail.com>
To: pedantic-web@googlegroups.com
CC: Linked Data community <public-lod@w3.org>
<2cs>

    Why is CORS any better than JSONP or any home-grown js that writes a
    new <script> tag for making Linked Data accessible ?

</2c>

On 10/05/2010 22:49, Nathan wrote:
> All,
>
> Could everybody publishing linked data please note that open data 
> isn't currently retrievable via client side JS libraries due to same 
> origin policies and the likes.
>
> In order to make it open and accessible by UAs we need to add in CORS 
> [1] headers.
>
> Please see the email below from TimBL which includes a request for a 
> linked data bubble diagram showing which systems support CORS, and the 
> full issue here on www-tag [2]
>
> [1] http://www.w3.org/TR/cors/
> [2] http://lists.w3.org/Archives/Public/www-tag/2010May/0009.html
>
> Kinglsey, Ian, members of the Pedantic Web - I've cc'd you in directly 
> for rather obvious reasons :)
>
> Richard/Pedants, will this need to be added to the Publishing Linked 
> Data guide / recs?
>
> Best,
>
> Nathan
>
> Tim Berners-Lee wrote:
>> In mid:4BE7BF59.9010204@webr3.org aka 
>> http://lists.w3.org/Archives/Public/www-tag/2010May/0009.html
>> on 2010-05 -10, at 04:10, Nathan wrote:
>>> All,
>>
>> [...lots of cool stuff about making JS client talk to sem web backend 
>> ...]
>>
>>> Thus far the only thing I can see that comes any where near to 
>>> addressing is the work in progress Cross-Origin Resource Sharing [1] 
>>> but afaik it's only implemented in the newest browsers + the vast 
>>> majority of resources on the web don't have these headers set so 
>>> again the application wouldn't be able to access most data - 
>>> rendering any apps made very limited and virtually useless - which 
>>> imho is a huge shame since all the peices needed are ready and 
>>> waiting on billions(?) of machines.
>>
>> Well, machines which serve public data must now serve the two (why 
>> two?!) HTTP headers for CORS.
>> Just lean on data sources you know to do this.  And people have to 
>> use new browsers to get new functionality.
>>
>> Note if they run an add-on, like Tabulator, then they skip this 
>> problem as the code is
>> deemed trusted.
> [snip]
>>
>> We could do with a version of the linked data bubble diagram with the 
>> systems which support CORS in green. Anyone?
>>
>
>
>
Received on Monday, 10 May 2010 23:20:17 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:29:48 UTC