W3C home > Mailing lists > Public > semantic-web@w3.org > October 2010

Re: Please allow JS access to Ontologies and LOD

From: Nathan <nathan@webr3.org>
Date: Sat, 23 Oct 2010 02:28:01 +0100
Message-ID: <4CC23A21.2080706@webr3.org>
To: Ian Davis <lists@iandavis.com>
CC: Linked Data community <public-lod@w3.org>, Semantic Web <semantic-web@w3.org>, foaf-protocols <foaf-protocols@lists.foaf-project.org>
Hi Ian,

Thanks, I can confirm the change has been successful :)

However, one small note is that the conneg URIs such as 
http://productdb.org/gtin/00319980033520 do not expose the header, thus 
can't be used.

In order to test yourself, simply do a curl -I request on the resource, 
for instance:

  curl -I http://productdb.org/gtin/00319980033520.rdf

Also, I've just uploaded a small script which lets you enter a uri of an 
RDF/XML document, it'll try and pull it, parse it and display it as 
turtle for you - which is a good test of both CORS and the script ;)

FYI, Dan has also made the change so the FOAF vocab is now exposed to JS.

Best and thanks again,


Ian Davis wrote:
> Hi Nathan,
> I implemented this header on http://productdb.org/ (since I had the
> code open). Can someone comfirm that it does what's expected (i.e.
> allows off-domain requesting of data from productdb.org)
> One important thing to note. The PHP snippet you gave was slightly
> wrong. The correct form is:
> header("Access-Control-Allow-Origin: *");
> Cheers,
> Ian
> On Sat, Oct 23, 2010 at 12:04 AM, Nathan <nathan@webr3.org> wrote:
>> Hi All,
>> Currently nearly all the web of linked data is blocked from access via
>> client side scripts (javascript) due to CORS [1] being implemented in the
>> major browsers.
>> Whilst this is important for all data, there are many of you reading this
>> who have it in your power to expose huge chunks of the RDF on the web to JS
>> clients, if you manage any of the common ontologies or anything in the LOD
>> cloud diagram, please do take a few minutes from your day to expose the
>> single http header needed.
>> Long story short, to allow js clients to access our "open" data we need to
>> add one small HTTP Response header which will allow HEAD/GET and POST
>> requests - the header is:
>>  Access-Control-Allow-Origin "*"
>> This is both XMLHttpRequest (W3C) and XDomainRequest (Microsoft) compatible
>> and supported by all the major browser vendors.
>> Instructions for common servers follow:
>> If you're on Apache then you can send this header by simply adding the
>> following line to a .htaccess file in the dir you want to expose (probably
>> site-root):
>>  Header add Access-Control-Allow-Origin "*"
>> For NGINX:
>>  add_header Access-Control-Allow-Origin "*";
>> see: http://wiki.nginx.org/NginxHttpHeadersModule
>> For IIS see:
>>  http://technet.microsoft.com/en-us/library/cc753133(WS.10).aspx
>> In PHP you add the following line before any output has been sent from the
>> server with:
>>  header("Access-Control-Allow-Origin", "*");
>> For anything else you'll need to check the relevant docs I'm afraid.
>> Best & TIA,
>> Nathan
>> [1] http://dev.w3.org/2006/waf/access-control/
Received on Saturday, 23 October 2010 01:29:17 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 08:45:20 UTC