Support HTTP resources in the browser on an HTTPS page

[james-martin-jd]

I'm working on an application that needs to load vocabularies in order to fetch data, such as a label or a list of subClasses. This worked fine on localhost, but once deployed to a test server the data started failing to load. On investigation, we were getting a CORS issue as we were loading the vocabulary from https://develop.generator.inrupt.com but the vocabulary in question was vcard, which is http://www.w3.org/2006/vcard/ns#. I've used workarounds for this using .from in the past, but in this case the vocabularies are dynamic so it's hard to predict when to use the workaround. Is there a way to bake in a check and workaround? Thanks!

[RubenVerborgh]

@rubensworks I intend to solve this in the dedicated Solid fetcher for Comunica, by keeping a whitelist of domains (such as w3.org) for which we know the HTTP and HTTPS URLs point to the same resources. In other cases, the fetcher should throw an error when receiving an HTTP request when loaded on an HTTPS page.

[james-martin-jd]

Won't the error throwing rely on #30?

[RubenVerborgh]

True; but now it goes silent in any case I think (CORS will not answer back).

[rubensworks]

Right, I lost track of #30. If this is urgent, perhaps @joachimvh could have a look at it? I don't think I'll have time to look at this until next year :s

I intend to solve this in the dedicated Solid fetcher for Comunica, by keeping a whitelist of domains (such as w3.org) for which we know the HTTP and HTTPS URLs point to the same resources.

We could actually create a generic actor for this on the Comunica's HTTP bus that handles such a whitelist. May be useful for non-Solid cases as well.