We are incorporating results from DbPedia into a web page. We noticed that, when deployed on one of our servers, we were encountering this error: "
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at " followed by the query URL “https://dbpedia.org/sparql?query=…”, etc. We worked around this by using a JSONP request instead of a regular AJAX request. We wanted to ask whether “OpenLink Virtuoso SPARQL Query Editor” is intended to block cross origin requests or should be passing headers to enable AJAX requests? Thanks!
could you copy this deployment (just download the file YASGUI) to your https based web setup and try the following query (select dbpedia.org sparq endpoint first) as in the screenshot below?
I could not reproduce your problem for me CORS is setup based on the origin head in the request.
Access-Control-Allow-Headers: Accept, Authorization, Slug, Link, Origin, Content-type, On-Behalf-Of
Expires: Mon, 06 Dec 2021 10:34:26 GMT
Access-Control-Allow-Methods: GET, POST, OPTIONS
POST /sparql HTTP/1.1
sec-ch-ua: " Not A;Brand";v=“99”, “Chromium”;v=“90”, “Google Chrome”;v=“90”
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate, br
Thank you for the recommendation! I will try it out and then provide an update here.
The Cross Origin Resource Sharing (CORS) is one of the few techniques for relaxing the SOP. Because SOP is “on” by default, setting CORS at the server-side will allow a request to be sent to the server via an XMLHttpRequest even if the request was sent from a different domain. This becomes useful if your server was intended to serve requests from other domains (e.g. if you are providing an API).
JSON with Padding is just a way to circumvent same-origin policy, when CORS is not an option. This is risky and a bad practice. Avoid using this.
If you need to enable CORS on the server in case of localhost, you need to have the following on request header.