On Sat, Aug 15, 2015 at 01:00:38AM -0700, Gergo Tisza wrote: > That does not sound like a big deal since we are loading most Javascript > files from our own servers, and can fully control what headers are set, but > we ran into occasional problems in the past when using CORS (MediaViewer > uses CORS-enabled image loading to get access to certain performance > statistics): some people use proxies or firewalls which strip CORS headers > from the responses as some sort of misguided security effort, causing the > request to fail. We wanted to know how many users would be affected by this > if we loaded ResourceLoader scripts via CORS.
For Wikimedia sites, it is now impossible for proxies or firewalls to strip headers, after the switch to HTTPS-only. Was this analysis done before or during the HTTPS-only migration? Faidon _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l