401 when sending OPTIONS call

Hello!

I’ve been testing out Virtuoso opensource edition through the docker image for debugging my fork of Yasgui (Matdata-eu/Yasgui: SPARQL development web application that supports SPARQLing with Basic authentication), and I encountered an unexpected issue that took me some time to understand.

On a BASIC authentication enabled SPARQL endpoint in Virtuoso, when trying to query from a CORS website, the web browser will first send an OPTIONS HTTP call. This call never includes credentials (default browser behavior), and Virtuoso replies with a 401, saying credentials are missing. I do not think that this is not correct webserver behavior.
In this Virtuoso release: Virtuoso 08.03.3326 Release Notes there is a mention of “Fixed OPTIONS is pre-flight; should be 200 w/ CORS headers” which is exactly this problem.

Can it be that this fix from a previous release returned or is still present? I’m using the docker image that has as argument VIRTUOSO_VERSION=7.2.16

Thanks

@MathiasVDA

Development is currently looking into your report.

1 Like

@PvK In addition, I noticed that a Virtuoso server that replies with the ‘server’ response header: “Virtuoso/08.03.3332 (Linux) x86_64-ubuntu_focal-linux-gnu-glibc2.31 VDB” will not have a deterministic response to an HTTP call. Only 1 out of two HTTP requests will return the CORS related headers:

'access-control-allow-origin': 'https://yasgui.matdata.eu',
'access-control-allow-credentials': 'true',
'access-control-max-age': '86400',
'access-control-expose-headers': 'Content-disposition,Content-Type,Access-Control-Allow-Headers,Access-Control-Allow-Methods,Access-Control-Allow-Origin,Allow,Accept-Patch,Accept-Post,Authorization,Content-Length,ETag,Last-Modified,Link,Location,Updates-Via,User,Vary,WAC-Allow,WWW-Authenticate',
'access-control-allow-headers': 'Accept, Authorization, Content-Length, Content-Type, Depth, DPoP, If-None-Match, Link, Location, On-Behalf-Of, Origin, Slug, WebID-TLS, X-Requested-With',
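
Added example, not part of the thread and not Virtuoso or Yasgui code: a simplified version of the checks a browser applies to a preflight response, showing why a 401 on OPTIONS, or a reply that lacks the CORS headers, blocks the real query before credentials are ever sent. The function name `evaluatePreflight` and both sample responses are constructed for illustration.

```javascript
// Added example: evaluates a CORS preflight response roughly as a browser does.
// Simplified from the Fetch rules; the sample responses are constructed.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);

const list = (v) => (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);

function evaluatePreflight(res, req) {
  const h = {};
  for (const [k, v] of Object.entries(res.headers)) h[k.toLowerCase()] = v;
  const reasons = [];

  // The preflight must be answered with an "ok" status (200-299); a 401 fails it.
  if (res.status < 200 || res.status > 299) reasons.push(`status ${res.status} is not 2xx`);

  const allowOrigin = h["access-control-allow-origin"];
  const wildcardOk = !req.credentials; // "*" only acts as a wildcard without credentials
  if (allowOrigin !== req.origin && !(allowOrigin === "*" && wildcardOk))
    reasons.push("access-control-allow-origin does not match the origin");
  if (req.credentials && h["access-control-allow-credentials"] !== "true")
    reasons.push("access-control-allow-credentials is not 'true'");

  const methods = list(h["access-control-allow-methods"]);
  if (!SAFE_METHODS.has(req.method) && !methods.includes(req.method.toLowerCase())
      && !(wildcardOk && methods.includes("*")))
    reasons.push(`method ${req.method} not allowed`);

  // Authorization must be listed by name; "*" never covers it.
  const allowed = list(h["access-control-allow-headers"]);
  for (const name of req.headers.map((n) => n.toLowerCase())) {
    const viaWildcard = wildcardOk && allowed.includes("*") && name !== "authorization";
    if (!allowed.includes(name) && !viaWildcard) reasons.push(`header ${name} not allowed`);
  }
  return { ok: reasons.length === 0, reasons };
}

// Request the browser wants to make: a SPARQL POST carrying Basic credentials.
const request = { origin: "https://yasgui.matdata.eu", method: "POST",
                  headers: ["Authorization", "Content-Type"], credentials: true };
// Constructed: the endpoint demands auth on OPTIONS and sends no CORS headers.
const rejected = { status: 401, headers: { "WWW-Authenticate": 'Basic realm="constructed"' } };
// Constructed: 200 with CORS headers modelled on the ones quoted in the thread.
const accepted = { status: 200, headers: {
  "access-control-allow-origin": "https://yasgui.matdata.eu",
  "access-control-allow-credentials": "true",
  "access-control-allow-headers": "Accept, Authorization, Content-Type, Origin" } };

console.log(evaluatePreflight(rejected, request));
console.log(evaluatePreflight(accepted, request));
```

Feeding the status and headers of several consecutive OPTIONS replies from the same endpoint through the function makes an intermittent failure visible as alternating `ok` values.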