solid / specification

Solid Technical Reports
https://solidproject.org/TR/
MIT License
494 stars 44 forks source link

CORS proxy support #226

Open csarven opened 3 years ago

csarven commented 3 years ago

Clients need to use a CORS proxy (for age old reasons.., https://github.com/w3ctag/design-reviews/issues/76 , ..)

Server needs to offer a CORS proxy endpoint.

Doublecheck authn/z requirements..

Related: discover preferred/trusted proxies https://github.com/solid/vocab/issues/26

elf-pavlik commented 3 years ago

Server needs to offer a CORS proxy endpoint.

Can CORS proxy be an independent component in the ecosystem which one can choose to deploy together or separate from storage servers?

csarven commented 12 months ago

I would suspect that for reading resources the proxy service can be independent / be anywhere, i.e., not necessarily part of a Solid server. For writing resources, it would probably need to be based on authn/z mechanisms that a Solid application recognises/implements.

So, when a Solid server supports a proxy, it enables Solid applications to implement a category of use cases - accessing resources not only on a Solid server but anywhere.

In any case, a Solid application needs to be able to follow-its-nose, and discovery the endpoint, and so we need to resolve that in Solid Terms ( https://github.com/solid/vocab/issues/26 ) and explain that need through specifications such as Solid WebID Profile ( https://github.com/solid/webid-profile/issues/111 ).