On Tue, Jan 4, 2011 at 5:37 AM, Roan Kattouw <[email protected]> wrote:
> > Alternately, we could look at using HTTP access control headers on > > upload.wikimedia.org, to allow XMLHTTPRequest in newer browsers to make > > unauthenticated requests to upload.wikimedia.org and return data > directly: > > > This should be enabled either way. You could then try the cross-domain > request, and use the proxy if it fails. > Sensible, yes. > But which browsers need the proxy anyway? Just IE8 and below? Do any > of the proxy-needing browsers support CORS? > I think for straight viewing only the Flash compat widget needs cross-domain permissions (browsers with native support use <object> for viewing), and a Flash cross-domain settings file would probably take care of that. For editing, or other tools that need to directly access the file data, either a proxy or CORS should do the job. I _think_ current versions of all major browsers support CORS for XHR fetches, but I haven't done compat tests yet. (IE8 requires using an alternate XDR class instead of XHR but since it doesn't do native SVG I don't care too much; I haven't checked IE9 yet, but since the editor works in it I want to make sure we can load the files!) -- brion _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
