CORS errors with SPARQL query in languages lookup

[timbl]

It seems that the CORS situation has recently broken for queries to the Wikidata server.

Access to fetch at 'https://query.wikidata.org/sparql?query=SELECT+%3Fitem+%3Fsubject+%3Fname%0AWHERE%0A%7B+%3Fitem+wdt%3AP305+%3Fsubject+.%0A++OPTIONAL+%7B%3Fitem+rdfs%3Alabel+%3Fname%7D%0A++OPTIONAL+%7B%3Fitem+wdt%3AP1705+%3Fname%7D%0A++FILTER+regex%28%3Fname%2C+%22mode%22%2C+%22i%22%29%0A++FILTER+regex%28%3Fsubject%2C+%22%5E..%24%22%2C+%22i%22%29%0A%7D' from origin 'https://timbl.inrupt.net' has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.
mashlib.min.js:151 GET https://query.wikidata.org/sparql?query=SELECT+%3Fitem+%3Fsubject+%3Fname%0AWHERE%0A%7B+%3Fitem+wdt%3AP305+%3Fsubject+.%0A++OPTIONAL+%7B%3Fitem+rdfs%3Alabel+%3Fname%7D%0A++OPTIONAL+%7B%3Fitem+wdt%3AP1705+%3Fname%7D%0A++FILTER+regex%28%3Fname%2C+%22mode%22%2C+%22i%22%29%0A++FILTER+regex%28%3Fsubject%2C+%22%5E..%24%22%2C+%22i%22%29%0A%7D net::ERR_FAILED
l @ mashlib.min.js:151
await in l (async)
(anonymous) @ mashlib.min.js:151
fetch @ mashlib.min.js:122
(anonymous) @ mashlib.min.js:1
u @ mashlib.min.js:151
(anonymous) @ mashlib.min.js:151
(anonymous) @ mashlib.min.js:151
n @ mashlib.min.js:1
s @ mashlib.min.js:1
(anonymous) @ mashlib.min.js:1
(anonymous) @ mashlib.min.js:1
(anonymous) @ mashlib.min.js:1
(anonymous) @ mashlib.min.js:86
value @ mashlib.min.js:86
(anonymous) @ mashlib.min.js:122
u @ mashlib.min.js:151
(anonymous) @ mashlib.min.js:151
(anonymous) @ mashlib.min.js:151
n @ mashlib.min.js:1
s @ mashlib.min.js:1
(anonymous) @ mashlib.min.js:1
(anonymous) @ mashlib.min.js:1
A @ mashlib.min.js:122
T @ mashlib.min.js:122
(anonymous) @ mashlib.min.js:122
u @ mashlib.min.js:151
(anonymous) @ mashlib.min.js:151
(anonymous) @ mashlib.min.js:151
n @ mashlib.min.js:1
s @ mashlib.min.js:1
Promise.then (async)
n @ mashlib.min.js:1
s @ mashlib.min.js:1
(anonymous) @ mashlib.min.js:1
(anonymous) @ mashlib.min.js:1
S @ mashlib.min.js:122
t.queryPublicDataByName @ mashlib.min.js:122
(anonymous) @ mashlib.min.js:122
u @ mashlib.min.js:151
(anonymous) @ mashlib.min.js:151
(anonymous) @ mashlib.min.js:151
n @ mashlib.min.js:1
s @ mashlib.min.js:1
(anonymous) @ mashlib.min.js:1
(anonymous) @ mashlib.min.js:1
A @ mashlib.min.js:122
T @ mashlib.min.js:122
(anonymous) @ mashlib.min.js:122
u @ mashlib.min.js:151
(anonymous) @ mashlib.min.js:151
(anonymous) @ mashlib.min.js:151
n @ mashlib.min.js:1
s @ mashlib.min.js:1
Promise.then (async)
n @ mashlib.min.js:1
s @ mashlib.min.js:1
(anonymous) @ mashlib.min.js:1
(anonymous) @ mashlib.min.js:1
O @ mashlib.min.js:122
(anonymous) @ mashlib.min.js:122
u @ mashlib.min.js:151
(anonymous) @ mashlib.min.js:151
(anonymous) @ mashlib.min.js:151
n @ mashlib.min.js:1
s @ mashlib.min.js:1
(anonymous) @ mashlib.min.js:1
(anonymous) @ mashlib.min.js:1
E @ mashlib.min.js:122
mashlib.min.js:8 Error querying db of organizations: Error: Fetch error for GET of <https://query.wikidata.org/sparql?query=SELECT+%3Fitem+%3Fsubject+%3Fname%0AWHERE%0A%7B+%3Fitem+wdt%3AP305+%3Fsubject+.%0A++OPTIONAL+%7B%3Fitem+rdfs%3Alabel+%3Fname%7D%0A++OPTIONAL+%7B%3Fitem+wdt%3AP1705+%3Fname%7D%0A++FILTER+regex%28%3Fname%2C+%22mode%22%2C+%22i%22%29%0A++FILTER+regex%28%3Fsubject%2C+%22%5E..%24%22%2C+%22i%22%29%0A%7D>:TypeError: Failed to fetch

Provisional headers are shown Learn more Authorization: DPoP eyJhbGciOiJSUzI1NiIsImtpZCI6IlJTZFhXUEplV0pJIn0.eyJpc3MiOiJodHRwczovL2lucnVwdC5uZXQiLCJhdWQiOiJzb2xpZCIsInN1YiI6Imh0dHBzOi8vdGltYmwuaW5ydXB0Lm5ldC9wcm9maWxlL2NhcmQjbWUiLCJleHAiOjE2NDQ0MzIyMTgsImlhdCI6MTY0MzIyMjYxOCwianRpIjoiYjYxZWM5NWRmNjRkNDBlNyIsImNuZiI6eyJqa3QiOiJpY2dWUHFldEMybFRFRDlXU3RYcWNoaDRJSTFEUjhwVnJDX25YYm96U2J3In0sImNsaWVudF9pZCI6IjEwMjEwNDI2YjVjMmQ3NDQ1NTdkZTRlN2VhNjkzZmRkIiwid2ViaWQiOiJodHRwczovL3RpbWJsLmlucnVwdC5uZXQvcHJvZmlsZS9jYXJkI21lIn0.Vz_fZiH1T9i5B7on4toAcvgcCoSXo63myBmPoRoBw1QH01Qo2839uN7W8MGAl56KcqZ9Ap03wmRxEx3COf9cAC4s72L26gvJp--DMw1qBhXyNvg_k-UVd6Fut6Za_aEtM-E-UugmjQnYUGUcu4v1XZJ4wWOAaS5qHK0LJPNx7kuBiiL0SaPQ8pBQfQC3BywUnZFhFLd4gqAYdqAeKJWqHmWJO2JS2WAgEQZbD1GDCTxoPJMTY6o354PEkiy9NptTnTSm9vl4M7uBWc9UXX4z8RYHstvmzNJSvw3FWGhU3mnr4d9e208kUPUZ0KD8x4JibLeTKVDPuvCkVeUM5P7OCA DPoP: eyJhbGciOiJFUzI1NiIsImp3ayI6eyJjcnYiOiJQLTI1NiIsImt0eSI6IkVDIiwieCI6IjR0RU1vWXZYOVluT2VPbzE3dG9vRVJUcTVlMkpHRWctU3Qwe[...] NGaXRlbSt3ZHQlM0FQMTcwNSslM0ZuYW1lJTdEJTBBKytGSUxURVIrcmVnZXglMjglM0ZuYW1lJTJDKyUyMm1vZGUlMjIlMkMrJTIyaSUyMiUyOSUwQSsrRklMVEVSK3JlZ2V4JTI4JTNGc3ViamVjdCUyQyslMjIlNUUuLiUyNCUyMiUyQyslMjJpJTIyJTI5JTBBJTdEIiwiaHRtIjoiR0VUIiwianRpIjoiMjA2OWIzYzMtYzZlOC00NTE4LWIzNzgtMTk0MTg5MGJkYjMzIiwiaWF0IjoxNjQzMjIyODEyfQ.KeJ0Qh9iDQc9cvFT0ypNEaTzxrxeoBRZ9L3QxrOX-EziHasTRCHMaOetiRCTAjzUW2Zswcj1LYM7RuzLLjiIWg Referer: https://timbl.inrupt.net/ sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="96", "Google Chrome";v="96" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "macOS" User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36

[jeff-zucker]

My similar error disappeared when I used Firefox or Brave rather than Chrome. This recent change (Jan. 6 2022) to Chrome says :

"Chrome is deprecating direct access to private network endpoints from public websites as part of the Private Network Access (PNA) specification." See https://developer.chrome.com/blog/private-network-access-preflight/#what-is-private-network-access

[SharonStrats]

Here is also the support details to show it was included in chrome 97, even though it says in the article above it shouldn't begin until chrome 98. https://support.google.com/chrome/a/answer/7679408?hl=en

[timbl]

Note Gitter chat from https://gitter.im/solid/solidos?at=61f1583a9b470f389786b34b

[timbl]

The options seem to be credentials: 'omit' when webOperation is called, and when the fetch it calls is called.

[timbl]

I'll try this solid-ui:

async function thisFetch (url, requestInit) => {
  const omitCreds = requestInit && requestInit.credentials && requestInit.credentials == 'omit'
  if (authSession.info.webId && !omitCreds) { // see https://github.com/solid/solidos/issues/114
    // In fact ftech should respect crentials omit itself
    return authSession.fetch(url, requestInit)
  } else {
    return window.fetch(url, requestInit)
  }
}