I'm trying to query bigdata SPARQL endpoint through a browser, using javascript, but there is the usual origin issue that can be solved by adding CORS support to the endpoint. How can I do it?
Thanks in advance!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
CONFIDENTIALITY NOTICE: This email and its contents and attachments are
for the sole use of the intended recipient(s) and are confidential or
proprietary to SYSTAP. Any unauthorized review, use, disclosure,
dissemination or copying of this email or its contents or attachments is
prohibited. If you have received this communication in error, please notify
the sender by reply email and permanently delete all copies of the email
and its contents and attachments.
I'm trying to query bigdata SPARQL endpoint through a browser, using
javascript, but there is the usual origin issue that can be solved by
adding CORS support to the endpoint. How can I do it?
What I am trying to do is to use the SPARQL endpoint, from a javascript sample application I did (in my browser). In other words, I'm making an AJAX request in chrome/firefox:
And the error message, in the browser, is the following:
XMLHttpRequest cannot load http://172.17.42.1:9999/bigdata/namespace/kb/sparql. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access.
If you own the endpoint, I imagine that the easiest thing is to put your
javascript in the same webapp, right? If the javascript is delivered from
the same host as the page then this should work, correct? You can just put
your javascript into bigdata-war/src/html.js.vendor and your style sheets
into html.css.vendor. When you load your javascript from the server, it
should not have any problems with cross-site scripting.
It's been a while since I've dealt with this sort of issue, but I believe
this should work.
You could also look at workbench.js for how it handles communications with
the SPARQL endpoint.
CONFIDENTIALITY NOTICE: This email and its contents and attachments are
for the sole use of the intended recipient(s) and are confidential or
proprietary to SYSTAP. Any unauthorized review, use, disclosure,
dissemination or copying of this email or its contents or attachments is
prohibited. If you have received this communication in error, please notify
the sender by reply email and permanently delete all copies of the email
and its contents and attachments.
What I am trying to do is to use the SPARQL endpoint, from a javascript
sample application I did (in my browser). In other words, I'm making an
AJAX request in chrome/firefox:
And the error message, in the browser, is the following:
XMLHttpRequest cannot load http://172.17.42.1:9999/bigdata/namespace/kb/sparql. No
'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost' is therefore not allowed access.
1) Create the following directory: "bigdata-war/src/WEB-INF/lib/"
2) Add a copy of "this" JAR to that directory: http://repo1.maven.org/maven2/org/eclipse/jetty/jetty-servlets/ (choose one)
3) put the following XML code into "bigdata-war/src/WEB-INF/web.xml":
I am happy to put up a wiki page for this. Can you provide a working
example together with a little more documentation around what problem this
is solving and what security risks this might open up? Bryan
CONFIDENTIALITY NOTICE: This email and its contents and attachments are
for the sole use of the intended recipient(s) and are confidential or
proprietary to SYSTAP. Any unauthorized review, use, disclosure,
dissemination or copying of this email or its contents or attachments is
prohibited. If you have received this communication in error, please notify
the sender by reply email and permanently delete all copies of the email
and its contents and attachments.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Greetings!
I'm trying to query bigdata SPARQL endpoint through a browser, using javascript, but there is the usual origin issue that can be solved by adding CORS support to the endpoint. How can I do it?
Thanks in advance!
Can you explain this in a little more depth? Are you trying to add a
header into the http response of the server?
Thanks,
Bryan
Bryan Thompson
Chief Scientist & Founder
SYSTAP, LLC
4501 Tower Road
Greensboro, NC 27410
bryan@systap.com
http://bigdata.com
http://mapgraph.io
CONFIDENTIALITY NOTICE: This email and its contents and attachments are
for the sole use of the intended recipient(s) and are confidential or
proprietary to SYSTAP. Any unauthorized review, use, disclosure,
dissemination or copying of this email or its contents or attachments is
prohibited. If you have received this communication in error, please notify
the sender by reply email and permanently delete all copies of the email
and its contents and attachments.
On Sat, Nov 22, 2014 at 3:47 PM, Bruno Dias brunodias77@users.sf.net
wrote:
What I am trying to do is to use the SPARQL endpoint, from a javascript sample application I did (in my browser). In other words, I'm making an AJAX request in chrome/firefox:
$.ajax({
type: "POST",
url: "http://172.17.42.1:9999/bigdata/namespace/kb/sparql",
data: { query:"SELECT * WHERE { ?x ?y ?z. }" }
}).done(function( msg ) {
alert( "Data Saved: " + msg );
});
And the error message, in the browser, is the following:
XMLHttpRequest cannot load http://172.17.42.1:9999/bigdata/namespace/kb/sparql. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access.
Additionally, I get this error in the console:
http://pastebin.com/HQHX4pe2
If you own the endpoint, I imagine that the easiest thing is to put your
javascript in the same webapp, right? If the javascript is delivered from
the same host as the page then this should work, correct? You can just put
your javascript into bigdata-war/src/html.js.vendor and your style sheets
into html.css.vendor. When you load your javascript from the server, it
should not have any problems with cross-site scripting.
It's been a while since I've dealt with this sort of issue, but I believe
this should work.
You could also look at workbench.js for how it handles communications with
the SPARQL endpoint.
Thanks,
Bryan
Bryan Thompson
Chief Scientist & Founder
SYSTAP, LLC
4501 Tower Road
Greensboro, NC 27410
bryan@systap.com
http://bigdata.com
http://mapgraph.io
CONFIDENTIALITY NOTICE: This email and its contents and attachments are
for the sole use of the intended recipient(s) and are confidential or
proprietary to SYSTAP. Any unauthorized review, use, disclosure,
dissemination or copying of this email or its contents or attachments is
prohibited. If you have received this communication in error, please notify
the sender by reply email and permanently delete all copies of the email
and its contents and attachments.
On Tue, Nov 25, 2014 at 7:40 AM, Bruno Dias brunodias77@users.sf.net
wrote:
Thanks for the (very) quick responses, Bryan! :)
So, this is the first time I need to dive into Jetty applications. And I found this: http://wiki.eclipse.org/Jetty/Feature/Cross_Origin_Filter
1) Create the following directory: "bigdata-war/src/WEB-INF/lib/"
2) Add a copy of "this" JAR to that directory: http://repo1.maven.org/maven2/org/eclipse/jetty/jetty-servlets/ (choose one)
3) put the following XML code into "bigdata-war/src/WEB-INF/web.xml":
<filter>
<filter-name>cross-origin</filter-name>
<filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>
<init-param>
<param-name>allowedOrigins</param-name>
<param-value></param-value>
</init-param>
<init-param>
<param-name>allowedMethods</param-name>
<param-value>GET,POST,OPTIONS,DELETE,PUT,HEAD</param-value>
</init-param>
<init-param>
<param-name>allowedHeaders</param-name>
<param-value>origin, content-type, accept, authorization</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>cross-origin</filter-name>
<url-pattern></url-pattern></filter-mapping>
4) Profit
Maybe this is a good thing to put in bigdata wiki. At least, it was the first source I tried to use to solve the CORS issue.
The idea is not about owning (or not) the sparql endpoint. Is to make it possible that remote web apps can access it, without intermediary requests.
I am happy to put up a wiki page for this. Can you provide a working
example together with a little more documentation around what problem this
is solving and what security risks this might open up? Bryan
On Tuesday, November 25, 2014, Bruno Dias brunodias77@users.sf.net wrote:
--
Bryan Thompson
Chief Scientist & Founder
SYSTAP, LLC
4501 Tower Road
Greensboro, NC 27410
bryan@systap.com
http://bigdata.com
http://mapgraph.io
CONFIDENTIALITY NOTICE: This email and its contents and attachments are
for the sole use of the intended recipient(s) and are confidential or
proprietary to SYSTAP. Any unauthorized review, use, disclosure,
dissemination or copying of this email or its contents or attachments is
prohibited. If you have received this communication in error, please notify
the sender by reply email and permanently delete all copies of the email
and its contents and attachments.