Re: Please allow JS access to Ontologies and LOD from Ian Davis on 2010-10-23 (semantic-web@w3.org from October 2010)

From: Ian Davis <lists@iandavis.com>
Date: Sat, 23 Oct 2010 02:10:47 +0100
To: nathan@webr3.org
Cc: Linked Data community <public-lod@w3.org>, Semantic Web <semantic-web@w3.org>, foaf-protocols <foaf-protocols@lists.foaf-project.org>
Message-ID: <AANLkTi=__2=u8XsoT87NLtN=Z2G+21wGLKv0=Vi2yGgB@mail.gmail.com>

Hi Nathan,

I implemented this header on http://productdb.org/ (since I had the
code open). Can someone comfirm that it does what's expected (i.e.
allows off-domain requesting of data from productdb.org)

One important thing to note. The PHP snippet you gave was slightly
wrong. The correct form is:

header("Access-Control-Allow-Origin: *");

Cheers,

Ian


On Sat, Oct 23, 2010 at 12:04 AM, Nathan <nathan@webr3.org> wrote:
> Hi All,
>
> Currently nearly all the web of linked data is blocked from access via
> client side scripts (javascript) due to CORS [1] being implemented in the
> major browsers.
>
> Whilst this is important for all data, there are many of you reading this
> who have it in your power to expose huge chunks of the RDF on the web to JS
> clients, if you manage any of the common ontologies or anything in the LOD
> cloud diagram, please do take a few minutes from your day to expose the
> single http header needed.
>
> Long story short, to allow js clients to access our "open" data we need to
> add one small HTTP Response header which will allow HEAD/GET and POST
> requests - the header is:
>  Access-Control-Allow-Origin "*"
>
> This is both XMLHttpRequest (W3C) and XDomainRequest (Microsoft) compatible
> and supported by all the major browser vendors.
>
> Instructions for common servers follow:
>
> If you're on Apache then you can send this header by simply adding the
> following line to a .htaccess file in the dir you want to expose (probably
> site-root):
>  Header add Access-Control-Allow-Origin "*"
>
> For NGINX:
>  add_header Access-Control-Allow-Origin "*";
> see: http://wiki.nginx.org/NginxHttpHeadersModule
>
> For IIS see:
>  http://technet.microsoft.com/en-us/library/cc753133(WS.10).aspx
>
> In PHP you add the following line before any output has been sent from the
> server with:
>  header("Access-Control-Allow-Origin", "*");
>
> For anything else you'll need to check the relevant docs I'm afraid.
>
> Best & TIA,
>
> Nathan
>
> [1] http://dev.w3.org/2006/waf/access-control/
>
>

Received on Saturday, 23 October 2010 01:11:24 UTC