Re: Please allow JS access to Ontologies and LOD
Hi Nathan: Would it be an option that someone provides a service that resolves purls to their current resource locations and adds the JS/CORS header info to that service? I mean, one could use a service other than purl.org to resolve a purl.org URI. Something like cors4purl.org. Whenever your JS encounters a http://purl/.*$ URI, you fetch http://cors4purl.org/$1 . Not the most beautiful solution, but likely a clean, pragmatic way to make the many purl.org-based vocabularies accessible for client-side scripts. Martin On 27.10.2010, at 22:14, Nathan wrote: Hi Martin, Great work! sadly though purl.org currently doesn't allow JS/CORS access so it won't work :( this is true for everybody who use PURLz. see: http://groups.google.com/group/persistenturls/browse_thread/thread/d4c5d9880b4fb5fb for the request to add, please do add weight if you want them to make it so - note that this will allow the redirects to be JS/CORS compatible, it's still up to each end URI/domain to allow CORS support (as martin has done). Best, Nathan Martin Hepp wrote: Hi Nathan, all: I just fixed this for GoodRelations http://purl.org/goodrelations/v1 and the Vehicle Sales Ontology (VSO): http://purl.org/vso/ns Best wishes Martin On 23.10.2010, at 03:28, Nathan wrote: Hi Ian, Thanks, I can confirm the change has been successful :) However, one small note is that the conneg URIs such as http://productdb.org/gtin/00319980033520 do not expose the header, thus can't be used. In order to test yourself, simply do a curl -I request on the resource, for instance: curl -I http://productdb.org/gtin/00319980033520.rdf Also, I've just uploaded a small script which lets you enter a uri of an RDF/XML document, it'll try and pull it, parse it and display it as turtle for you - which is a good test of both CORS and the script ;) http://webr3.org/apps/play/api/test FYI, Dan has also made the change so the FOAF vocab is now exposed to JS. Best and thanks again, Nathan Ian Davis wrote: Hi Nathan, I implemented this header on http://productdb.org/ (since I had the code open). Can someone comfirm that it does what's expected (i.e. allows off-domain requesting of data from productdb.org) One important thing to note. The PHP snippet you gave was slightly wrong. The correct form is: header(Access-Control-Allow-Origin: *); Cheers, Ian On Sat, Oct 23, 2010 at 12:04 AM, Nathan nat...@webr3.org wrote: Hi All, Currently nearly all the web of linked data is blocked from access via client side scripts (javascript) due to CORS [1] being implemented in the major browsers. Whilst this is important for all data, there are many of you reading this who have it in your power to expose huge chunks of the RDF on the web to JS clients, if you manage any of the common ontologies or anything in the LOD cloud diagram, please do take a few minutes from your day to expose the single http header needed. Long story short, to allow js clients to access our open data we need to add one small HTTP Response header which will allow HEAD/GET and POST requests - the header is: Access-Control-Allow-Origin * This is both XMLHttpRequest (W3C) and XDomainRequest (Microsoft) compatible and supported by all the major browser vendors. Instructions for common servers follow: If you're on Apache then you can send this header by simply adding the following line to a .htaccess file in the dir you want to expose (probably site-root): Header add Access-Control-Allow-Origin * For NGINX: add_header Access-Control-Allow-Origin *; see: http://wiki.nginx.org/NginxHttpHeadersModule For IIS see: http://technet.microsoft.com/en-us/library/cc753133(WS.10).aspx In PHP you add the following line before any output has been sent from the server with: header(Access-Control-Allow-Origin, *); For anything else you'll need to check the relevant docs I'm afraid. Best TIA, Nathan [1] http://dev.w3.org/2006/waf/access-control/
Re: Please allow JS access to Ontologies and LOD
Hi Martin, A few people are considering setting up a network of JS accessible proxies which can be used to access the web of linked data from JS, however this isn't very HTTP friendly, could cost a lot bandwidth wise, and is more of an interim measure - thus trying to put pressure on to get as much linked data ontologies JS accessible as possible before taking this route. Best, Nathan Martin Hepp wrote: Hi Nathan: Would it be an option that someone provides a service that resolves purls to their current resource locations and adds the JS/CORS header info to that service? I mean, one could use a service other than purl.org to resolve a purl.org URI. Something like cors4purl.org. Whenever your JS encounters a http://purl/.*$ URI, you fetch http://cors4purl.org/$1. Not the most beautiful solution, but likely a clean, pragmatic way to make the many purl.org-based vocabularies accessible for client-side scripts. Martin On 27.10.2010, at 22:14, Nathan wrote: Hi Martin, Great work! sadly though purl.org currently doesn't allow JS/CORS access so it won't work :( this is true for everybody who use PURLz. see: http://groups.google.com/group/persistenturls/browse_thread/thread/d4c5d9880b4fb5fb for the request to add, please do add weight if you want them to make it so - note that this will allow the redirects to be JS/CORS compatible, it's still up to each end URI/domain to allow CORS support (as martin has done). Best, Nathan Martin Hepp wrote: Hi Nathan, all: I just fixed this for GoodRelations http://purl.org/goodrelations/v1 and the Vehicle Sales Ontology (VSO): http://purl.org/vso/ns Best wishes Martin On 23.10.2010, at 03:28, Nathan wrote: Hi Ian, Thanks, I can confirm the change has been successful :) However, one small note is that the conneg URIs such as http://productdb.org/gtin/00319980033520 do not expose the header, thus can't be used. In order to test yourself, simply do a curl -I request on the resource, for instance: curl -I http://productdb.org/gtin/00319980033520.rdf Also, I've just uploaded a small script which lets you enter a uri of an RDF/XML document, it'll try and pull it, parse it and display it as turtle for you - which is a good test of both CORS and the script ;) http://webr3.org/apps/play/api/test FYI, Dan has also made the change so the FOAF vocab is now exposed to JS. Best and thanks again, Nathan Ian Davis wrote: Hi Nathan, I implemented this header on http://productdb.org/ (since I had the code open). Can someone comfirm that it does what's expected (i.e. allows off-domain requesting of data from productdb.org) One important thing to note. The PHP snippet you gave was slightly wrong. The correct form is: header(Access-Control-Allow-Origin: *); Cheers, Ian On Sat, Oct 23, 2010 at 12:04 AM, Nathan nat...@webr3.org wrote: Hi All, Currently nearly all the web of linked data is blocked from access via client side scripts (javascript) due to CORS [1] being implemented in the major browsers. Whilst this is important for all data, there are many of you reading this who have it in your power to expose huge chunks of the RDF on the web to JS clients, if you manage any of the common ontologies or anything in the LOD cloud diagram, please do take a few minutes from your day to expose the single http header needed. Long story short, to allow js clients to access our open data we need to add one small HTTP Response header which will allow HEAD/GET and POST requests - the header is: Access-Control-Allow-Origin * This is both XMLHttpRequest (W3C) and XDomainRequest (Microsoft) compatible and supported by all the major browser vendors. Instructions for common servers follow: If you're on Apache then you can send this header by simply adding the following line to a .htaccess file in the dir you want to expose (probably site-root): Header add Access-Control-Allow-Origin * For NGINX: add_header Access-Control-Allow-Origin *; see: http://wiki.nginx.org/NginxHttpHeadersModule For IIS see: http://technet.microsoft.com/en-us/library/cc753133(WS.10).aspx In PHP you add the following line before any output has been sent from the server with: header(Access-Control-Allow-Origin, *); For anything else you'll need to check the relevant docs I'm afraid. Best TIA, Nathan [1] http://dev.w3.org/2006/waf/access-control/
Re: Please allow JS access to Ontologies and LOD
On Wed, Oct 27, 2010 at 09:00:52PM +, Hugh Glaser wrote: Great stuff - thanks for the advice. Done for sameas.org and *.rkbexplorer.com However, did it via .htaccess, and would prefer to do it in /etc/httpd/http.conf, not least because the vhosts seems to make it end up with two of them (which I assume is not illegal?) Can anyone tell me the http.conf line that does the same thing, to help a lazy citizen :-) Same as in .htaccess I believe. I just put Header add Access-Control-Allow-Origin * for ckan.net in the apache config. Cheers, -w
Re: Please allow JS access to Ontologies and LOD
Cheers Hugh, Actually IIRC having two of them (well *,* is a problem - do see: http://httpd.apache.org/docs/2.0/mod/mod_headers.html For full details, short version is: The directives provided by mod_headers can occur almost anywhere within the server configuration. They are valid in the main server config and virtual host sections, inside Directory, Location and Files sections, and within .htaccess files. Best, Nathan Hugh Glaser wrote: Great stuff - thanks for the advice. Done for sameas.org and *.rkbexplorer.com However, did it via .htaccess, and would prefer to do it in /etc/httpd/http.conf, not least because the vhosts seems to make it end up with two of them (which I assume is not illegal?) Can anyone tell me the http.conf line that does the same thing, to help a lazy citizen :-) Cheers On 23/10/2010 02:28, Nathan nat...@webr3.org wrote: Hi Ian, Thanks, I can confirm the change has been successful :) However, one small note is that the conneg URIs such as http://productdb.org/gtin/00319980033520 do not expose the header, thus can't be used. In order to test yourself, simply do a curl -I request on the resource, for instance: curl -I http://productdb.org/gtin/00319980033520.rdf Also, I've just uploaded a small script which lets you enter a uri of an RDF/XML document, it'll try and pull it, parse it and display it as turtle for you - which is a good test of both CORS and the script ;) http://webr3.org/apps/play/api/test FYI, Dan has also made the change so the FOAF vocab is now exposed to JS. Best and thanks again, Nathan Ian Davis wrote: Hi Nathan, I implemented this header on http://productdb.org/ (since I had the code open). Can someone comfirm that it does what's expected (i.e. allows off-domain requesting of data from productdb.org) One important thing to note. The PHP snippet you gave was slightly wrong. The correct form is: header(Access-Control-Allow-Origin: *); Cheers, Ian On Sat, Oct 23, 2010 at 12:04 AM, Nathan nat...@webr3.org wrote: Hi All, Currently nearly all the web of linked data is blocked from access via client side scripts (javascript) due to CORS [1] being implemented in the major browsers. Whilst this is important for all data, there are many of you reading this who have it in your power to expose huge chunks of the RDF on the web to JS clients, if you manage any of the common ontologies or anything in the LOD cloud diagram, please do take a few minutes from your day to expose the single http header needed. Long story short, to allow js clients to access our open data we need to add one small HTTP Response header which will allow HEAD/GET and POST requests - the header is: Access-Control-Allow-Origin * This is both XMLHttpRequest (W3C) and XDomainRequest (Microsoft) compatible and supported by all the major browser vendors. Instructions for common servers follow: If you're on Apache then you can send this header by simply adding the following line to a .htaccess file in the dir you want to expose (probably site-root): Header add Access-Control-Allow-Origin * For NGINX: add_header Access-Control-Allow-Origin *; see: http://wiki.nginx.org/NginxHttpHeadersModule For IIS see: http://technet.microsoft.com/en-us/library/cc753133(WS.10).aspx In PHP you add the following line before any output has been sent from the server with: header(Access-Control-Allow-Origin, *); For anything else you'll need to check the relevant docs I'm afraid. Best TIA, Nathan [1] http://dev.w3.org/2006/waf/access-control/
Re: Please allow JS access to Ontologies and LOD
(Gone down to LOD list only.) Thanks William - yes, that works fine as is in the /etc/httpd/conf/httpd.conf (to correct the usual path from my email). Put it at the end of Section 2, although I guess where is not very important. On 27/10/2010 22:31, Nathan nat...@webr3.org wrote: Cheers Hugh, Actually IIRC having two of them (well *,* is a problem - do see: http://httpd.apache.org/docs/2.0/mod/mod_headers.html For full details, short version is: The directives provided by mod_headers can occur almost anywhere within the server configuration. They are valid in the main server config and virtual host sections, inside Directory, Location and Files sections, and within .htaccess files. Sorry, not sure if you are saying two is a problem. (And can't quite make it out from the doc.) Will try to work out why sometime (probably something to do with the way we trap 404 to generate the document), but am hoping it is OK for the moment. Best curl -I http://www.sameas.org/json?uri=http://dbpedia.org/resource/London; curl -I http://www.sameas.org/rdf?uri=http://dbpedia.org/resource/London; curl -I http://www.sameas.org/?uri=http://dbpedia.org/resource/London; curl -I http://southampton.rkbexplorer.com/id/person-00173 are fine, but the rkb docs suffer: curl -I http://southampton.rkbexplorer.com/description/person-00173 curl -I http://southampton.rkbexplorer.com/data/person-00173 Best, Nathan Hugh Glaser wrote: Great stuff - thanks for the advice. Done for sameas.org and *.rkbexplorer.com However, did it via .htaccess, and would prefer to do it in /etc/httpd/http.conf, not least because the vhosts seems to make it end up with two of them (which I assume is not illegal?) Can anyone tell me the http.conf line that does the same thing, to help a lazy citizen :-) Cheers On 23/10/2010 02:28, Nathan nat...@webr3.org wrote: Hi Ian, Thanks, I can confirm the change has been successful :) However, one small note is that the conneg URIs such as http://productdb.org/gtin/00319980033520 do not expose the header, thus can't be used. In order to test yourself, simply do a curl -I request on the resource, for instance: curl -I http://productdb.org/gtin/00319980033520.rdf Also, I've just uploaded a small script which lets you enter a uri of an RDF/XML document, it'll try and pull it, parse it and display it as turtle for you - which is a good test of both CORS and the script ;) http://webr3.org/apps/play/api/test FYI, Dan has also made the change so the FOAF vocab is now exposed to JS. Best and thanks again, Nathan Ian Davis wrote: Hi Nathan, I implemented this header on http://productdb.org/ (since I had the code open). Can someone comfirm that it does what's expected (i.e. allows off-domain requesting of data from productdb.org) One important thing to note. The PHP snippet you gave was slightly wrong. The correct form is: header(Access-Control-Allow-Origin: *); Cheers, Ian On Sat, Oct 23, 2010 at 12:04 AM, Nathan nat...@webr3.org wrote: Hi All, Currently nearly all the web of linked data is blocked from access via client side scripts (javascript) due to CORS [1] being implemented in the major browsers. Whilst this is important for all data, there are many of you reading this who have it in your power to expose huge chunks of the RDF on the web to JS clients, if you manage any of the common ontologies or anything in the LOD cloud diagram, please do take a few minutes from your day to expose the single http header needed. Long story short, to allow js clients to access our open data we need to add one small HTTP Response header which will allow HEAD/GET and POST requests - the header is: Access-Control-Allow-Origin * This is both XMLHttpRequest (W3C) and XDomainRequest (Microsoft) compatible and supported by all the major browser vendors. Instructions for common servers follow: If you're on Apache then you can send this header by simply adding the following line to a .htaccess file in the dir you want to expose (probably site-root): Header add Access-Control-Allow-Origin * For NGINX: add_header Access-Control-Allow-Origin *; see: http://wiki.nginx.org/NginxHttpHeadersModule For IIS see: http://technet.microsoft.com/en-us/library/cc753133(WS.10).aspx In PHP you add the following line before any output has been sent from the server with: header(Access-Control-Allow-Origin, *); For anything else you'll need to check the relevant docs I'm afraid. Best TIA, Nathan [1] http://dev.w3.org/2006/waf/access-control/
Re: Please allow JS access to Ontologies and LOD
Hugh Glaser wrote: are fine, but the rkb docs suffer: curl -I http://southampton.rkbexplorer.com/description/person-00173 curl -I http://southampton.rkbexplorer.com/data/person-00173 Yup, the problem is the header is being added twice, unsure of your setup so unsure the two places it's being added! Melvin ran in to the same thing when the header was added by a PHP script [ header(Access-Control... ] and also added via the .htaccess - perhaps you have the same problem, or perhaps you have it in a .htaccess and the main vhost config? Unsure, but there's a duplicate somewhere so perhaps just remove the one you added for a quick fix :) Best, Nathan
Re: Please allow JS access to Ontologies and LOD
Thanks. I had tried removing from the httpd.conf, but then I get none :-) So it is two or none, and I will leave it as 2 for the moment. I am pretty sure it will be something to do with the way we trap 404 in an error-handler to generate the docs. I see there are two for a 404 URI as well. Can't see why, but will ponder on it. Cheers On 27/10/2010 23:23, Nathan nat...@webr3.org wrote: Hugh Glaser wrote: are fine, but the rkb docs suffer: curl -I http://southampton.rkbexplorer.com/description/person-00173 curl -I http://southampton.rkbexplorer.com/data/person-00173 Yup, the problem is the header is being added twice, unsure of your setup so unsure the two places it's being added! Melvin ran in to the same thing when the header was added by a PHP script [ header(Access-Control... ] and also added via the .htaccess - perhaps you have the same problem, or perhaps you have it in a .htaccess and the main vhost config? Unsure, but there's a duplicate somewhere so perhaps just remove the one you added for a quick fix :) Best, Nathan
Re: Please allow JS access to Ontologies and LOD
Hi Hugh, Do try using set instead Header set Access-Control-Allow-Origin * This will replace any existing value, whereas add allows duplicates, as it simply adds the header again. Best, Nathan Hugh Glaser wrote: Thanks. I had tried removing from the httpd.conf, but then I get none :-) So it is two or none, and I will leave it as 2 for the moment. I am pretty sure it will be something to do with the way we trap 404 in an error-handler to generate the docs. I see there are two for a 404 URI as well. Can't see why, but will ponder on it. Cheers On 27/10/2010 23:23, Nathan nat...@webr3.org wrote: Hugh Glaser wrote: are fine, but the rkb docs suffer: curl -I http://southampton.rkbexplorer.com/description/person-00173 curl -I http://southampton.rkbexplorer.com/data/person-00173 Yup, the problem is the header is being added twice, unsure of your setup so unsure the two places it's being added! Melvin ran in to the same thing when the header was added by a PHP script [ header(Access-Control... ] and also added via the .htaccess - perhaps you have the same problem, or perhaps you have it in a .htaccess and the main vhost config? Unsure, but there's a duplicate somewhere so perhaps just remove the one you added for a quick fix :) Best, Nathan
Re: Please allow JS access to Ontologies and LOD
On 2010/10/25, at 22:44, Martin Hepp wrote: Hi Nathan, all: I just fixed this for GoodRelations http://purl.org/goodrelations/v1 and the Vehicle Sales Ontology (VSO): http://purl.org/vso/ns Great! Very exciting! Uh... sorry for the spam.
Re: Please allow JS access to Ontologies and LOD
Hi Nathan, all: I just fixed this for GoodRelations http://purl.org/goodrelations/v1 and the Vehicle Sales Ontology (VSO): http://purl.org/vso/ns Best wishes Martin On 23.10.2010, at 03:28, Nathan wrote: Hi Ian, Thanks, I can confirm the change has been successful :) However, one small note is that the conneg URIs such as http://productdb.org/gtin/00319980033520 do not expose the header, thus can't be used. In order to test yourself, simply do a curl -I request on the resource, for instance: curl -I http://productdb.org/gtin/00319980033520.rdf Also, I've just uploaded a small script which lets you enter a uri of an RDF/XML document, it'll try and pull it, parse it and display it as turtle for you - which is a good test of both CORS and the script ;) http://webr3.org/apps/play/api/test FYI, Dan has also made the change so the FOAF vocab is now exposed to JS. Best and thanks again, Nathan Ian Davis wrote: Hi Nathan, I implemented this header on http://productdb.org/ (since I had the code open). Can someone comfirm that it does what's expected (i.e. allows off-domain requesting of data from productdb.org) One important thing to note. The PHP snippet you gave was slightly wrong. The correct form is: header(Access-Control-Allow-Origin: *); Cheers, Ian On Sat, Oct 23, 2010 at 12:04 AM, Nathan nat...@webr3.org wrote: Hi All, Currently nearly all the web of linked data is blocked from access via client side scripts (javascript) due to CORS [1] being implemented in the major browsers. Whilst this is important for all data, there are many of you reading this who have it in your power to expose huge chunks of the RDF on the web to JS clients, if you manage any of the common ontologies or anything in the LOD cloud diagram, please do take a few minutes from your day to expose the single http header needed. Long story short, to allow js clients to access our open data we need to add one small HTTP Response header which will allow HEAD/GET and POST requests - the header is: Access-Control-Allow-Origin * This is both XMLHttpRequest (W3C) and XDomainRequest (Microsoft) compatible and supported by all the major browser vendors. Instructions for common servers follow: If you're on Apache then you can send this header by simply adding the following line to a .htaccess file in the dir you want to expose (probably site-root): Header add Access-Control-Allow-Origin * For NGINX: add_header Access-Control-Allow-Origin *; see: http://wiki.nginx.org/NginxHttpHeadersModule For IIS see: http://technet.microsoft.com/en-us/library/cc753133(WS.10).aspx In PHP you add the following line before any output has been sent from the server with: header(Access-Control-Allow-Origin, *); For anything else you'll need to check the relevant docs I'm afraid. Best TIA, Nathan [1] http://dev.w3.org/2006/waf/access-control/
Re: Please allow JS access to Ontologies and LOD
On Fri, Oct 22, 2010 at 4:04 PM, Nathan nat...@webr3.org wrote: Whilst this is important for all data, there are many of you reading this who have it in your power to expose huge chunks of the RDF on the web to JS clients, if you manage any of the common ontologies or anything in the LOD cloud diagram, please do take a few minutes from your day to expose the single http header needed. While we're on the subject, do you have a preferred library for working with RDF or OWL in JS? The ones I found (jOWL and Hercules) seemed to be almost abandonware. Where's the action happening? This could be useful both on the client side or on the server side in something like Node.js. -B
Re: Please allow JS access to Ontologies and LOD
On Sat, Oct 23, 2010 at 2:28 AM, Nathan nat...@webr3.org wrote: Hi Ian, Thanks, I can confirm the change has been successful :) However, one small note is that the conneg URIs such as http://productdb.org/gtin/00319980033520 do not expose the header, thus can't be used. Ta. These should be emitting the header now. Ian
Please allow JS access to Ontologies and LOD
Hi All, Currently nearly all the web of linked data is blocked from access via client side scripts (javascript) due to CORS [1] being implemented in the major browsers. Whilst this is important for all data, there are many of you reading this who have it in your power to expose huge chunks of the RDF on the web to JS clients, if you manage any of the common ontologies or anything in the LOD cloud diagram, please do take a few minutes from your day to expose the single http header needed. Long story short, to allow js clients to access our open data we need to add one small HTTP Response header which will allow HEAD/GET and POST requests - the header is: Access-Control-Allow-Origin * This is both XMLHttpRequest (W3C) and XDomainRequest (Microsoft) compatible and supported by all the major browser vendors. Instructions for common servers follow: If you're on Apache then you can send this header by simply adding the following line to a .htaccess file in the dir you want to expose (probably site-root): Header add Access-Control-Allow-Origin * For NGINX: add_header Access-Control-Allow-Origin *; see: http://wiki.nginx.org/NginxHttpHeadersModule For IIS see: http://technet.microsoft.com/en-us/library/cc753133(WS.10).aspx In PHP you add the following line before any output has been sent from the server with: header(Access-Control-Allow-Origin, *); For anything else you'll need to check the relevant docs I'm afraid. Best TIA, Nathan [1] http://dev.w3.org/2006/waf/access-control/
Re: [foaf-protocols] Please allow JS access to Ontologies and LOD
On 23 October 2010 01:04, Nathan nat...@webr3.org wrote: Hi All, Currently nearly all the web of linked data is blocked from access via client side scripts (javascript) due to CORS [1] being implemented in the major browsers. Whilst this is important for all data, there are many of you reading this who have it in your power to expose huge chunks of the RDF on the web to JS clients, if you manage any of the common ontologies or anything in the LOD cloud diagram, please do take a few minutes from your day to expose the single http header needed. Long story short, to allow js clients to access our open data we need to add one small HTTP Response header which will allow HEAD/GET and POST requests - the header is: Access-Control-Allow-Origin * This is both XMLHttpRequest (W3C) and XDomainRequest (Microsoft) compatible and supported by all the major browser vendors. Instructions for common servers follow: If you're on Apache then you can send this header by simply adding the following line to a .htaccess file in the dir you want to expose (probably site-root): Header add Access-Control-Allow-Origin * For NGINX: add_header Access-Control-Allow-Origin *; see: http://wiki.nginx.org/NginxHttpHeadersModule For IIS see: http://technet.microsoft.com/en-us/library/cc753133(WS.10).aspx In PHP you add the following line before any output has been sent from the server with: header(Access-Control-Allow-Origin, *); For anything else you'll need to check the relevant docs I'm afraid. +1 Thanks for the heads up. I added: Header add Access-Control-Allow-Origin * to my .htaccess and everything worked fine. Easy! :) Best TIA, Nathan [1] http://dev.w3.org/2006/waf/access-control/ ___ foaf-protocols mailing list foaf-protoc...@lists.foaf-project.org http://lists.foaf-project.org/mailman/listinfo/foaf-protocols
Re: Please allow JS access to Ontologies and LOD
Hi Nathan, I implemented this header on http://productdb.org/ (since I had the code open). Can someone comfirm that it does what's expected (i.e. allows off-domain requesting of data from productdb.org) One important thing to note. The PHP snippet you gave was slightly wrong. The correct form is: header(Access-Control-Allow-Origin: *); Cheers, Ian On Sat, Oct 23, 2010 at 12:04 AM, Nathan nat...@webr3.org wrote: Hi All, Currently nearly all the web of linked data is blocked from access via client side scripts (javascript) due to CORS [1] being implemented in the major browsers. Whilst this is important for all data, there are many of you reading this who have it in your power to expose huge chunks of the RDF on the web to JS clients, if you manage any of the common ontologies or anything in the LOD cloud diagram, please do take a few minutes from your day to expose the single http header needed. Long story short, to allow js clients to access our open data we need to add one small HTTP Response header which will allow HEAD/GET and POST requests - the header is: Access-Control-Allow-Origin * This is both XMLHttpRequest (W3C) and XDomainRequest (Microsoft) compatible and supported by all the major browser vendors. Instructions for common servers follow: If you're on Apache then you can send this header by simply adding the following line to a .htaccess file in the dir you want to expose (probably site-root): Header add Access-Control-Allow-Origin * For NGINX: add_header Access-Control-Allow-Origin *; see: http://wiki.nginx.org/NginxHttpHeadersModule For IIS see: http://technet.microsoft.com/en-us/library/cc753133(WS.10).aspx In PHP you add the following line before any output has been sent from the server with: header(Access-Control-Allow-Origin, *); For anything else you'll need to check the relevant docs I'm afraid. Best TIA, Nathan [1] http://dev.w3.org/2006/waf/access-control/
Re: Please allow JS access to Ontologies and LOD
Hi Ian, Thanks, I can confirm the change has been successful :) However, one small note is that the conneg URIs such as http://productdb.org/gtin/00319980033520 do not expose the header, thus can't be used. In order to test yourself, simply do a curl -I request on the resource, for instance: curl -I http://productdb.org/gtin/00319980033520.rdf Also, I've just uploaded a small script which lets you enter a uri of an RDF/XML document, it'll try and pull it, parse it and display it as turtle for you - which is a good test of both CORS and the script ;) http://webr3.org/apps/play/api/test FYI, Dan has also made the change so the FOAF vocab is now exposed to JS. Best and thanks again, Nathan Ian Davis wrote: Hi Nathan, I implemented this header on http://productdb.org/ (since I had the code open). Can someone comfirm that it does what's expected (i.e. allows off-domain requesting of data from productdb.org) One important thing to note. The PHP snippet you gave was slightly wrong. The correct form is: header(Access-Control-Allow-Origin: *); Cheers, Ian On Sat, Oct 23, 2010 at 12:04 AM, Nathan nat...@webr3.org wrote: Hi All, Currently nearly all the web of linked data is blocked from access via client side scripts (javascript) due to CORS [1] being implemented in the major browsers. Whilst this is important for all data, there are many of you reading this who have it in your power to expose huge chunks of the RDF on the web to JS clients, if you manage any of the common ontologies or anything in the LOD cloud diagram, please do take a few minutes from your day to expose the single http header needed. Long story short, to allow js clients to access our open data we need to add one small HTTP Response header which will allow HEAD/GET and POST requests - the header is: Access-Control-Allow-Origin * This is both XMLHttpRequest (W3C) and XDomainRequest (Microsoft) compatible and supported by all the major browser vendors. Instructions for common servers follow: If you're on Apache then you can send this header by simply adding the following line to a .htaccess file in the dir you want to expose (probably site-root): Header add Access-Control-Allow-Origin * For NGINX: add_header Access-Control-Allow-Origin *; see: http://wiki.nginx.org/NginxHttpHeadersModule For IIS see: http://technet.microsoft.com/en-us/library/cc753133(WS.10).aspx In PHP you add the following line before any output has been sent from the server with: header(Access-Control-Allow-Origin, *); For anything else you'll need to check the relevant docs I'm afraid. Best TIA, Nathan [1] http://dev.w3.org/2006/waf/access-control/