Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cross Origin Resource Sharing (CORS) #143

Open
gezever opened this issue Sep 13, 2024 · 0 comments
Open

Cross Origin Resource Sharing (CORS) #143

gezever opened this issue Sep 13, 2024 · 0 comments

Comments

@gezever
Copy link

gezever commented Sep 13, 2024

Cross Origin Resource Sharing in orde krijgen, in combinatie met de, door DV opgelegde, id/doc redirect, is niet zo eenvoudig.
De oplossing kan echter niet het rechtstreeks gebruik van de doc-url als identifier zijn.
Momenteel worden requesten op de id-uri geblokkeerd in de browser.

fetch('https://data.vlaanderen.be/id/organisatie/OVO003323', {headers: { 'Accept': 'text/turtle'}}).then(async response => { console.log(await response.text()); });

Deze request geeft volgende errors:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://data.vlaanderen.be/id/organisatie/OVO003323. (Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘*, *’).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://data.vlaanderen.be/id/organisatie/OVO003323. (Reason: CORS request did not succeed). Status code: (null).

Uncaught (in promise) TypeError: NetworkError when attempting to fetch resource.

De request op de doc-url werkt wel.

fetch('https://data.vlaanderen.be/doc/organisatie/OVO003323', {headers: { 'Accept': 'text/turtle'}}).then(async response => { console.log(await response.text()); });

Headers die worden meegegeven

$ curl -I -H 'Accept: text/turtle' https://data.vlaanderen.be/id/organisatie/OVO003323
HTTP/1.1 303 See Other
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Access-Control-Allow-Origin: *
Content-Length: 0
Location: /doc/organisatie/OVO003323
Vary: Accept
X-Request-Id: ff48c00a2a1044c2ba030e2c9a7250a9
X-Response-Time: 0.211ms
Expires: Fri, 13 Sep 2024 13:05:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 13 Sep 2024 13:05:55 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=86400

Het valt op dat sommige headers dubbel worden meegegeven. Twee Access-Control-Allow-Origin headers wil een browser zeker niet.
=> RequestHeader unset Origin in de apache config lost dit op.

Oplossing
Aanpassen apache config van het domein data.vlaanderen.be

Meer info over de settings bij departement omgeving kan je bij mij krijgen.

Zie ook: Informatievlaanderen/OSLOthema-omgevingsvergunning#16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gezever