Open dr0i opened 6 years ago
Don't we have valid foaf profiles (whatever that is)? I think Ben is referring to a missing CORS header. Do we have a problem with that?
....(whatever that is)
exactly. And CORS we have not enabled at least for http://lobid.org/download/pc.htm . Hm, as my name shows up when trying to sign-in at csarven.ca with http://lobid.org/download/pc.htm maybe it's working even without CORS enabled. My avatar doesn't show up so I am not sure if I am logged in.
The current "sign in" (via WebID/URI input) is not authenticating but only fetching the profile information. So, a test against that should be fine (for the purpose of this issue) but the actual authentication is orthogonal, ie. with TLS or OIDC at this time.
As for CORS stuff, if the WebID uses http
scheme, it'll go through a proxy ( https://dokie.li/proxy?uri=
). This is to get around mixed content blocking if the origin URL is https
. But, here it just defaults to the proxy to be on the safe side. For https
, it won't go through the proxy, so in that case CORS needs to be enabled on the server hosting the WebID.
To sign-in with foaf:profile in e.g. csarven.ca/ one needs a valid foaf:profile, see #359. Also:
(Source: @bencomp 15:41 at https://gitter.im/linkeddata/dokieli?at=5a255eab87680e6230ccb84b )