-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
w3id.org should not redirect on OPTIONS #4185
Comments
Steps to reproduce:
Example of working configuration
|
There are a few things going on here. Summary is that I'm not sure how to solve this in a generic global way.
RewriteOptions InheritDownBefore
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^ - [R=204,L]
I'm not sure what to do here. Since people haven't been complaining about this, and even I didn't realize this was an issue, perhaps it can be better documented and handled on a per-id basis when needed? It's a few lines and I think the special local use cases can be handled better. Like using other CORS headers to set allowed headers, methods, etc. Thoughts? |
Disclaimer: I don't claim to be the ultimate expert on CORS, but I think I have a fair understanding of how it works. My thinking is that w3id.org is meant to be as transparent as possible. It sets Yes, if the destination server is not configured for handling preflight requests, there will be an error down the line. This is not your concern, just like it is not your concern if the URL you redirect to returns a 404, or if it does not include the allow-origin header to allow CORS queries. Anyway, CORS is "reject by default", so if the destination server is not configured, the query will be rejected. Being permissive on w3id's side is not putting the destination server at risk. That being said, you are right, I might just as well try to configure it locally, and when I have a working configuration, we can discuss if it is worth making it global. |
#4196 did the trick (in the Note that, for testing in Chrome, you can force the preflight request by replacing await fetch(
"https://w3id.org/SpOTy/ontology",
{headers: {"x-foo": "to-force-preflight-query"}}
) |
When w3id.org gets an
OPTIONS
request, it returns a302 Found
redirect (as it does for aGET
).The problem is that, in a CORS context, this leads to a 'CORS request external redirect not allowed' error.
The problem would be solved if w3id.org returned a
200 Ok
onOPTIONS
.The text was updated successfully, but these errors were encountered: