- From: Nathan <nathan@webr3.org>
- Date: Sat, 23 Oct 2010 02:28:01 +0100
- To: Ian Davis <lists@iandavis.com>
- CC: Linked Data community <public-lod@w3.org>, Semantic Web <semantic-web@w3.org>, foaf-protocols <foaf-protocols@lists.foaf-project.org>
Hi Ian, Thanks, I can confirm the change has been successful :) However, one small note is that the conneg URIs such as http://productdb.org/gtin/00319980033520 do not expose the header, thus can't be used. In order to test yourself, simply do a curl -I request on the resource, for instance: curl -I http://productdb.org/gtin/00319980033520.rdf Also, I've just uploaded a small script which lets you enter a uri of an RDF/XML document, it'll try and pull it, parse it and display it as turtle for you - which is a good test of both CORS and the script ;) http://webr3.org/apps/play/api/test FYI, Dan has also made the change so the FOAF vocab is now exposed to JS. Best and thanks again, Nathan Ian Davis wrote: > Hi Nathan, > > I implemented this header on http://productdb.org/ (since I had the > code open). Can someone comfirm that it does what's expected (i.e. > allows off-domain requesting of data from productdb.org) > > One important thing to note. The PHP snippet you gave was slightly > wrong. The correct form is: > > header("Access-Control-Allow-Origin: *"); > > Cheers, > > Ian > > > On Sat, Oct 23, 2010 at 12:04 AM, Nathan <nathan@webr3.org> wrote: >> Hi All, >> >> Currently nearly all the web of linked data is blocked from access via >> client side scripts (javascript) due to CORS [1] being implemented in the >> major browsers. >> >> Whilst this is important for all data, there are many of you reading this >> who have it in your power to expose huge chunks of the RDF on the web to JS >> clients, if you manage any of the common ontologies or anything in the LOD >> cloud diagram, please do take a few minutes from your day to expose the >> single http header needed. >> >> Long story short, to allow js clients to access our "open" data we need to >> add one small HTTP Response header which will allow HEAD/GET and POST >> requests - the header is: >> Access-Control-Allow-Origin "*" >> >> This is both XMLHttpRequest (W3C) and XDomainRequest (Microsoft) compatible >> and supported by all the major browser vendors. >> >> Instructions for common servers follow: >> >> If you're on Apache then you can send this header by simply adding the >> following line to a .htaccess file in the dir you want to expose (probably >> site-root): >> Header add Access-Control-Allow-Origin "*" >> >> For NGINX: >> add_header Access-Control-Allow-Origin "*"; >> see: http://wiki.nginx.org/NginxHttpHeadersModule >> >> For IIS see: >> http://technet.microsoft.com/en-us/library/cc753133(WS.10).aspx >> >> In PHP you add the following line before any output has been sent from the >> server with: >> header("Access-Control-Allow-Origin", "*"); >> >> For anything else you'll need to check the relevant docs I'm afraid. >> >> Best & TIA, >> >> Nathan >> >> [1] http://dev.w3.org/2006/waf/access-control/ >> >> > >
Received on Saturday, 23 October 2010 01:29:17 UTC