On Tue, Jan 4, 2011 at 5:37 AM, Roan Kattouw <roan.kattouw(a)gmail.com> wrote:
Alternately,
we could look at using HTTP access control headers on
upload.wikimedia.org, to allow XMLHTTPRequest in newer browsers to make
unauthenticated requests to
upload.wikimedia.org and return data
directly:
This should be enabled either way. You
could then try the cross-domain
request, and use the proxy if it fails.
Sensible, yes.
But which browsers need the proxy anyway? Just IE8 and
below? Do any
of the proxy-needing browsers support CORS?
I think for straight viewing only the Flash compat widget needs cross-domain
permissions (browsers with native support use <object> for viewing), and a
Flash cross-domain settings file would probably take care of that.
For editing, or other tools that need to directly access the file data,
either a proxy or CORS should do the job. I _think_ current versions of all
major browsers support CORS for XHR fetches, but I haven't done compat tests
yet. (IE8 requires using an alternate XDR class instead of XHR but since it
doesn't do native SVG I don't care too much; I haven't checked IE9 yet, but
since the editor works in it I want to make sure we can load the files!)
-- brion