On Tue, Jan 4, 2011 at 5:37 AM, Roan Kattouw roan.kattouw@gmail.com wrote:
Alternately, we could look at using HTTP access control headers on upload.wikimedia.org, to allow XMLHTTPRequest in newer browsers to make unauthenticated requests to upload.wikimedia.org and return data
directly:
This should be enabled either way. You could then try the cross-domain request, and use the proxy if it fails.
Sensible, yes.
But which browsers need the proxy anyway? Just IE8 and below? Do any of the proxy-needing browsers support CORS?
I think for straight viewing only the Flash compat widget needs cross-domain permissions (browsers with native support use <object> for viewing), and a Flash cross-domain settings file would probably take care of that.
For editing, or other tools that need to directly access the file data, either a proxy or CORS should do the job. I _think_ current versions of all major browsers support CORS for XHR fetches, but I haven't done compat tests yet. (IE8 requires using an alternate XDR class instead of XHR but since it doesn't do native SVG I don't care too much; I haven't checked IE9 yet, but since the editor works in it I want to make sure we can load the files!)
-- brion