Feature request: Enable CORS header in the REST service

May 19, 2015 at 12:04 AM
Hi all,

Today I tried to access the sparql service with a simple angularjs web page (**). But I tripped over the common error message
XMLHttpRequest cannot load http://localhost:8090/brightstar/Demo/sparql.json. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.
when sending a "select {$s $p $o}" query with angular's $http service. See https://docs.angularjs.org/api/ng/service/$http for the service and (*) below for the http protocol trace.

This is a problem in the self-host scenario, because there is no way to serve my own pages from the same origin, in this case //localhost:8090/, so the service is quite useless with a standard browser as a client as it would deny any access to the sparql service with the CORS error above.

A solution would be to (optionally?) send the http header Access-Control-Allow-Origin: * with the OPTIONS and the GET/POST response as described in http://stackoverflow.com/questions/15658627/is-it-possible-to-enable-cors-using-nancyfx . I've already tried extending the webapp/web.config file as mentioned there, but with no effect. I've also tried to put my app.htm in the assets folder, but alas the webapp would not serve it.

Martin


(*) This is the req-resp:
Remote Address:[::1]:8090
Request URL:http://localhost:8090/brightstar/Demo/sparql.json
Request Method:OPTIONS
Status Code:200 OK
Response Headers
HTTP/1.1 200 OK
Allow: GET, POST
Content-Length: 0
Content-Type: text/html
Server: Microsoft-HTTPAPI/2.0
Date: Mon, 18 May 2015 23:34:12 GMT
Request Headers
Accept:*/*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
Access-Control-Request-Headers:accept, content-type
Access-Control-Request-Method:POST
Cache-Control:max-age=0
Connection:keep-alive
Host:localhost:8090
Origin:null
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
(**) a snippet from the angularjs app
angular.module('sparqlapp').controller('sparqlappC', function ($scope, $http) {
  var sparql = "http://localhost:8090/brightstar/Demo/sparql.json";
  if (true) {
    // https://docs.angularjs.org/api/ng/service/$http
    $http.post(sparql, {query: "select {$s $p $o}"})
      .success(function(data, status, headers, config){
        $scope.D = data;
        $scope.msg ="OK";
      })
      .error(function(data, status, headers, config){
        $scope.msg = "Fehler: " + status;
      })
    ; // POST
  };
  $scope.msg = "";
});
Coordinator
May 19, 2015 at 8:18 AM
Thanks for the report. We should definitely enable this as it is really part of the point of having a REST service in the first place :-)

My feeling is that CORS should be enabled by default; the origin should default to the wildcard and it should be possible to configure the origin(s) and to turn off CORS completely. Does that sound OK to you ?

I've added this as issue #210 to the github issue tracker. Feel free to comment either there or here!

Cheers

Kal