inrupt.com does not accept application/ld+json #1389
Comments
The mime-type
@acoburn sorry, a miscopy. I've got ld+json in the code, fixed in the issue
@scenaristeur the server may not support arbitrary external contexts. If you must use JSON-LD for writes, try embedding the context in the data payload.
Is there a list of compatible / not arbitrary external contexts?
@acoburn I just saw this, and, I'm wondering why ESS would care about the contentType of a file? (i.e., arbitrary blob of data) — the code above is using overwriteFile
In order to support content negotiation (per Solid protocol) for RDF resources, if a client uploads a JSON-LD document and then tries to content negotiate the representation as Turtle, the server necessarily has to download the (arbitrary) context URL. A client forcing a server to download arbitrary resources on the web is a classic example of Server Side Request Forgery. Without any sort of allow list of the remote context documents, you can use your imagination for the kinds of exploits that are possible here.
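An added example, not code from ESS, the Solid SDK, or any participant in this thread: a server-side check of the kind the two comments above describe, which accepts JSON-LD writes whose context is embedded or on an allow list and rejects any other remote context before anything is dereferenced. The allow-list entry, function names and sample payloads are assumptions made for illustration.

```javascript
// Added example: allow-list check for remote JSON-LD contexts before a write is accepted.
// ALLOWED_CONTEXTS and all sample documents are constructed for illustration.
const ALLOWED_CONTEXTS = new Set(["https://www.w3.org/ns/activitystreams"]);

// A string under "@context" (or "@import" inside a context) is a reference the
// processor would have to dereference; an object is an embedded context.
function collectRefs(ctx, found) {
  if (typeof ctx === "string") found.push(ctx);
  else if (Array.isArray(ctx)) ctx.forEach((c) => collectRefs(c, found));
}

// Walk the whole document: contexts can appear on nested nodes and as
// scoped contexts inside term definitions, not only at the top level.
function remoteContexts(node, found = []) {
  if (Array.isArray(node)) {
    node.forEach((n) => remoteContexts(n, found));
  } else if (node !== null && typeof node === "object") {
    for (const [key, value] of Object.entries(node)) {
      if (key === "@context" || key === "@import") collectRefs(value, found);
      remoteContexts(value, found);
    }
  }
  return found;
}

// Exact string comparison against the allow list: no prefix or host matching,
// so a look-alike URL or a relative reference is rejected rather than fetched.
function checkJsonLdWrite(body) {
  let doc;
  try {
    doc = JSON.parse(body);
  } catch (e) {
    return { ok: false, rejected: [], reason: "invalid JSON" };
  }
  const rejected = remoteContexts(doc).filter((ref) => !ALLOWED_CONTEXTS.has(ref));
  return { ok: rejected.length === 0, rejected };
}

// Constructed payloads: embedded context, allow-listed context, arbitrary
// external context, and an external context inside a scoped term definition.
const EMBEDDED = '{"@context":{"name":"http://schema.org/name"},"name":"verse"}';
const LISTED = '{"@context":"https://www.w3.org/ns/activitystreams","type":"Note"}';
const EXTERNAL = '{"@context":"https://context.example/terms.jsonld","name":"verse"}';
const SCOPED = '{"@context":{"item":{"@id":"http://schema.org/item","@context":"https://context.example/scoped.jsonld"}}}';

for (const [label, body] of Object.entries({ EMBEDDED, LISTED, EXTERNAL, SCOPED })) {
  console.log(label, JSON.stringify(checkJsonLdWrite(body)));
}
```
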
Right, but here we're working with a File not a Resource. Though I've just checked the spec and it doesn't seem to differentiate, though our SDK definitely does. If I upload a File that's an image/png, would it make sense that you would content-negotiate it to turtle? That seems like it'd be asking for trouble?
JSON-LD is an RDF resource. Unless you are uploading that with The client may distinguish between Files and Resources, but from a server's perspective, there are two indicators: HTTP Method (e.g.,
inrupt.com does not accept application/json+ld as mimetype, only application/json
Shouldn't the Enterprise Inrupt server accept application/json+ld?
the app https://scenaristeur.github.io/verse/
the code https://github.com/scenaristeur/verse/blob/e2e7f4c895d62222d33eee6d05e6033c2c96e36c/src/plugins/solid-data.js#L55