[Feature] index: allow CORS (cross-origin resource sharing) for CC Legal Tools

[TimidRobot]

Problem

[#78119] Machine readable licenses are not machine readable : Creative Commons Freshdesk ticket contains:

From JavaScript, I cannot execute an XMLHttpRequest for either the HTML URL (needed to find HTTP link element) or the RDF URL. The request is denied as a cross-origin request.

I don't know, but to make the license available to machines that want to check the license details, then both the license HTML and the RDF should be served with the HTTP response header:

Access-Control-Allow-Origin: *

Cross-origin resource sharing - Wikipedia:

A wildcard same-origin policy is appropriate when a page or API response is considered completely public content and it is intended to be accessible to everyone, including any code on any site.

Description

1. Enable headers apache2 module

2. Set header in states/apache2/files/index.conf:

   index 9088170..d2871c3 100644
   --- states/apache2/files/index.conf
   +++ states/apache2/files/index.conf
   @@ -30,28 +30,30 @@
        <Directory /var/www/git/cc-legal-tools-data/docs>
            # Disable .htaccess (for security and performance)
            AllowOverride None
            # Also serve HTML files without .html extension
            RewriteCond %{REQUEST_FILENAME}.html -f
            RewriteRule !.*\.html$ %{REQUEST_FILENAME}.html [L]
            # Redirect .../index.php to .../
            RewriteCond %{REQUEST_FILENAME} "index\.php$" [NC]
            RewriteCond %{REQUEST_FILENAME} !-f
            RewriteRule (.*/)index\.php$ $1 [L,NC,R=301]
            # Deny access to PHP files (content should be only static files)
            RewriteRule .*\.php$ "-" [F,L]
            # Correct mimetype for .../rdf files
            RewriteRule (.*/rdf$) $1 [T=application/rdf+xml]
   +        # Enable CORS (cross-origin resource sharing)
   +        Header set Access-Control-Allow-Origin "*"
        </Directory>
        Include /var/www/git/cc-legal-tools-data/config/language-redirects
        RedirectPermanent  /licenses/mark/1.0  /publicdomain/mark/1.0
        RedirectPermanent  /licences           /licenses
   
        ###########################################################################
        # Chooser
    #    Alias /choose /var/www/git/chooser/docs
    #    <Directory /var/www/git/chooser/docs>
    #        # Disable .htaccess (for security and performance)
    #        AllowOverride None
    #        # Redirect .../index.php to .../
    #        RewriteCond %{REQUEST_FILENAME} "index\.php$" [NC]
    #        RewriteCond %{REQUEST_FILENAME} !-f

Alternatives

🤷🏻

Additional context

• Cross-origin resource sharing - Wikipedia
• Cross-Origin Resource Sharing (CORS) - HTTP | MDN
  • Access-Control-Allow-Origin - HTTP | MDN
• mod_headers - Apache HTTP Server Version 2.4

Implementation

• [ ] I would be interested in implementing this feature.

[pushkarDigitWork]

Can you please assign this issue to me @TimidRobot? Thankyou

[TimidRobot]

Please see Contribution Guidelines — Creative Commons Open Source for how we manage issues and PRs (we generally don't assign issues prior to resolution).

[amandayclee]

Hey @TimidRobot I'm working on this issue!