https://bugzilla.wikimedia.org/show_bug.cgi?id=28700
--- Comment #8 from Roan Kattouw <[email protected]> 2011-05-03 20:41:41 UTC --- (In reply to comment #7) > We need the additional headers Access-Control-Allow-Methods and > Access-Control-Max-Age for pre-flight requests, I believe. Nah, let's not bother with preflighted stuff. There's pretty much no use for that for upload.wikimedia.org > Am I correct in > assuming we would only want this for retrieval of image files or for > thumbnails > (perhaps generated by a 404 handler), i.e. GET? Anything else would start to > make me nervous. > For POST as well, but that doesn't actually *do* anything on upload anyway, does it? Besides, these requests are already allowed, the only thing that changes is that the requestor will be able to read the response. The only case in which this is dangerous, to my knowledge, is if it contains anti-CSRF tokens, but those don't appear anywhere near upload.wikimedia.org . > I don't have a clue whether we would need to do something with the upload > squids as well. Anybody? Sounds like we would have in order to also serve the headers on old cached images. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
