Re: JSON-LD responses for core ontologies don't contain CORS headers; limits browser clients

Hi Alex

I think it's quite impractical and brittle to dereference vocabs from their original locations. There are a bunch of potential issues: broken content negotiation, incorrect headers, rate limiting, cors, uncertain availability. 

I'd propose an alternative

My colleagues and I have been building the package @zazuko/rdf-vocabularies. It contains ready to use vocabularies serialised as n-triples and next week i hope we'll push a new version with all vocabs published as code. 

import { rdf, rdfs } from '@zazuko/rdf-vocabularies/datasets' 

This way you will not require a parser to load them and have them bundled by webpack in your application

Best, 
Tom 

Sent from Nine
________________________________
From: Alex Kreidler <alexkreidler2020@gmail.com>
Sent: Sunday, 25 October 2020 02:16
To: public-linked-json@w3.org; semantic-web@w3.org
Subject: JSON-LD responses for core ontologies don't contain CORS headers; limits browser clients

Hi all,

I have a web app that requests some core schemas/ontologies: rdf and rdfs, which are hosted by the W3C.

It uses content negotiation with an accept header that has JSON-LD as a high priority via the q mime parameter.

However, I noticed that I was getting CORS errors when running in the browser. 

I then tested on the command line using HTTPie (could also reproduce with CURL), and noticed that in each instance for those two schemas, when the server responded with the JSON-LD, it omitted the Access-Control-Allow-Origin header, which allows CORS to work.

Here is a pastebin of that output. I only included HEAD requests for brevity, but the GETs had the same issue.

I'd really appreciate it if anyone could reproduce the issue, and then give me some feedback on steps to take to fix it, because I'm not sure who exactly maintains the ontologies and the server or what code handles adding the appropriate headers.

Thanks!