SimonBin opened a new issue, #1516: URL: https://github.com/apache/jena/issues/1516
### Version 4.7.0-SNAPSHOT ### Question When securing a data set with authentication, it is in theory possible to query this from **another domain** using XMLHttpRequest This could be useful to use e.g. the commercial YASGUI with Geo plug-in to visualise data from a log-in protected Fuseki. To protect our installation, we changed the `shiro.ini` to: ``` # Everything else /**=authcBasic,user[secretuser] ``` However, it is somewhat more complicated to enable CORS with authentication: [^1] the OPTIONS "pre-flight" request must be answered without the need to log in. Currently, Fuseki fails at this step ``` curl -vv 'http://localhost:3030/ds/' -X OPTIONS -H 'Access-Control-Request-Headers: authorization' -H 'Origin: http://yasgui.triply.cc' ``` ``` < HTTP/1.1 401 Unauthorized ``` it would need to respond with ``` < HTTP/1.1 200 OK < Access-Control-Allow-Origin: http://yasgui.triply.cc < Access-Control-Allow-Credentials: true ``` has anyone faced this issue before? can it be fixed in Fuseki? I know it is possible to work around with a reverse proxy that "hacks in" the proper response.... but that is rather cumbersome [^1]: https://fetch.spec.whatwg.org/#http-responses -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
