
Authentication via proxy for http webIDs

Open rhiaro opened this issue 10 years ago • 2 comments

Attempts to sign in with a http webID result in

"XMLHttpRequest cannot load https://databox.me/,proxy?uri=http%3A%2F%2Frhiaro.co.uk%2Fabout. A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://localhost' is therefore not allowed access."

Same even after I changed my server from Access-Control-Allow-Origin "*" to "http://localhost". Something to do with the proxy?

Using databox webIDs directly (so not using the proxy as they're https) works fine.

rhiaro avatar Dec 27 '15 05:12 rhiaro

I think when going through a proxy, and also if withCredentials is set, the remote server's (the final destination e.g., the WebID) response needs to return Access-Control-Allow-Origin: https://databox.me.

csarven avatar Dec 27 '15 13:12 csarven

If a document is served from an https, and if the WebID is http, it goes through the proxy to avoid the mixed content issue. If it goes through that, it need not set the withCredentials since there is none to begin with, and so the server with WebID can use Access-Control-Allow-Origin: "*" in the response. If the WebID is https, it doesn't go through the proxy. withCredentials is not required either way.

csarven avatar Dec 27 '15 15:12 csarven
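An added example, not part of the thread and not dokieli's code: a sketch of the fetch decision described in the last comment, next to a model of the check the browser applies to `Access-Control-Allow-Origin`, which is what produced the error quoted in the issue. The proxy prefix is taken from that error message; the function names and the sample URLs in the comments are assumptions made for illustration.

```javascript
// Proxy prefix as it appears in the error message quoted in the issue.
const PROXY = 'https://databox.me/,proxy?uri=';

// Hypothetical helper: decide how a page at pageUrl should fetch a WebID profile.
function planWebIdFetch(pageUrl, webId) {
  const page = new URL(pageUrl);
  const target = new URL(webId);
  // An https page loading an http WebID is mixed content, so it goes via the proxy.
  const viaProxy = page.protocol === 'https:' && target.protocol === 'http:';
  return {
    url: viaProxy ? PROXY + encodeURIComponent(webId) : webId,
    // A public profile needs no cookies or client certificate, proxied or not,
    // so the response is allowed to carry Access-Control-Allow-Origin: *.
    withCredentials: false,
  };
}

// Model of the browser's CORS check on the response it receives.
// headers: object with lower-cased header names (constructed input).
function corsCheck(origin, withCredentials, headers) {
  const allowOrigin = headers['access-control-allow-origin'];
  if (allowOrigin === undefined) {
    return { ok: false, reason: 'missing Access-Control-Allow-Origin' };
  }
  if (!withCredentials) {
    // Without credentials, a wildcard or an exact origin match both pass.
    return allowOrigin === '*' || allowOrigin === origin
      ? { ok: true }
      : { ok: false, reason: 'origin mismatch' };
  }
  // With credentials, the wildcard is rejected outright (the error in the issue).
  if (allowOrigin === '*') {
    return { ok: false, reason: 'wildcard not allowed with credentials' };
  }
  if (allowOrigin !== origin) {
    return { ok: false, reason: 'origin mismatch' };
  }
  // An exact origin match alone is not enough when credentials are sent.
  if (headers['access-control-allow-credentials'] !== 'true') {
    return { ok: false, reason: 'missing Access-Control-Allow-Credentials: true' };
  }
  return { ok: true };
}
```
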