W3C home > Mailing lists > Public > www-tag@w3.org > December 2019

CORS problems now with HTTP2 -- CORS catch 23

From: Tim Berners-Lee <timbl@w3.org>
Date: Mon, 2 Dec 2019 12:19:49 -0500
Message-Id: <6324B8C3-2039-466A-9489-C1B5D05E1C98@w3.org>
Cc: Public TAG List <www-tag@w3.org>, Ruben Verborgh <ruben.verborgh@ugent.be>
To: "sysreq@w3.org Requests" <sysreq@w3.org>
We have a problem it seems with CORS for w3.org’s public data.
It seems

Ccing the public TAG list as maybe this will need updfating of tag documents about CORS.

A script on localhost:3080 does a fetch to ttp://www.w3.org/1999/02/22-rdf-syntax-ns and is refused by the browser.
The system cannot respoind to the OPTIONS with a redirect

Request URL: http://www.w3.org/1999/02/22-rdf-syntax-ns
Request Method: OPTIONS
Status Code: 307 Internal Redirect
Referrer Policy: no-referrer-when-downgrade
Response Headers
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://localhost:3080
Location: https://www.w3.org/1999/02/22-rdf-syntax-ns
Non-Authoritative-Reason: HSTS
Request Headers
Provisional headers are shown
Referer: http://localhost:3080/devel/github.com/solid/form-playground/playground.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36


Access to fetch at 'http://www.w3.org/1999/02/22-rdf-syntax-ns' from origin 'http://localhost:3080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

Received on Monday, 2 December 2019 17:19:51 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:57:18 UTC