Re: CORS problems now with HTTP2 -- CORS catch 23

Hi Tim,

> On 2 Dec 2019, at 18:19, Tim Berners-Lee <timbl@w3.org> wrote:
> 
> We have a problem it seems with CORS for w3.org’s public data.
> It seems
> 
> 
> Ccing the public TAG list as maybe this will need updfating of tag documents about CORS.
> 
> 
> A script on localhost:3080 does a fetch to ttp://www.w3.org/1999/02/22-rdf-syntax-ns and is refused by the browser.
> The system cannot respoind to the OPTIONS with a redirect
> 
> 
> 
> 
> 
>   • Request URL: http://www.w3.org/1999/02/22-rdf-syntax-ns
>   • Request Method: OPTIONS
>   • Status Code: 307 Internal Redirect
>   • Referrer Policy: no-referrer-when-downgrade
>  • Response Headers
>   • Access-Control-Allow-Credentials: true
>   • Access-Control-Allow-Origin: http://localhost:3080
>   • Location: https://www.w3.org/1999/02/22-rdf-syntax-ns
>   • Non-Authoritative-Reason: HSTS
>  • Request Headers
>   • Provisional headers are shown
>   • Referer: http://localhost:3080/devel/github.com/solid/form-playground/playground.html
>   • User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36

It would be good to have the exact request, as I tried to do an OPTIONS on http://www.w3.org/1999/02/22-rdf-syntax-ns and no redirect was involved.

> Access to fetch at 'http://www.w3.org/1999/02/22-rdf-syntax-ns' from origin 'http://localhost:3080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

I would note the 

> • Status Code: 307 Internal Redirect
...
> • Non-Authoritative-Reason: HSTS

Did a request actually reach the network?

-- 
Baroula que barouleras, au tiéu toujou t'entourneras.

        ~~Yves

Received on Tuesday, 3 December 2019 21:46:32 UTC