- From: Tim Berners-Lee <timbl@w3.org>
- Date: Tue, 19 Jan 2016 10:31:34 +0000
- To: Mark Nottingham <mnot@mnot.net>
- Cc: Public TAG List <www-tag@w3.org>
- Message-Id: <DD847722-1E38-4B13-8E64-F8EC750B6F9A@w3.org>
Here is an example of this issue in the field as captured from a genuine live overheard conversation on a gitter channel. csarvenJan 14 22:00 @deiu / @nicola / all.. Could someone please try to help me figure this out: Go to https://dokie.li/ <https://dokie.li/> and 'Sign in' (from the menu at the top right corner) using your WebID in both Firefox and Chrome/ium. Keep the dev console window open and see if you get a 401 on your preferences URL in either one of those browsers. If your prefs is at databox.me that might help understand better. I am able to authenticate (using http and https WebIDs), however when it (simplerdf) tries to get the prefs, Firefox gives me a 401, and Chrome is a 200. The header requests appear to be exactly the same in both browsers. csarvenJan 14 22:14 In Firefox, I am able GET the prefs in a different tab (for both of the WebID's prefs which are at databox). So I'm suspecting that the issue is closer to SimpleRDF's request in Firefox somehow. deiuJan 14 22:15 Are you using withCredentials = true flag in your ajax request? csarvenJan 14 22:16 I was just going to say that.. SimpleRDF doesn't. deiuJan 14 22:16 It should csarvenJan 14 22:16 Right.. I thought so: rdf-ext/rdf-ext#52 timbl09:28 ... timbl09:35 This is exactly the issue the TAG were mulling over in my absence in Melbourne. The problem is the library simpleRDF is screwed either way — if it doesn’t set the flag then you don’t get to authenticate, if it does set it then the borwser blocks access to resources with a wildcard CORS header. <>
Attachments
- text/html attachment: stored
- image/jpeg attachment: csarven.jpeg
- image/jpeg attachment: deiu.jpeg
- image/png attachment: smile.png
- image/png attachment: 1254848.png
Received on Tuesday, 19 January 2016 12:48:24 UTC