Page MenuHomePhabricator
Create Task
Maniphest T508

Use CORS-enabled fetch of scripts to avoid same-domain limitations in JS error logging
Open, LowestPublic
Actions

Description

  • make sure all script files are served with CORS Allow-Origin headers
  • make sure script tags added by ResourceLoader in the process of module loading have a crossorigin="anonymous" attribute

This should only be done if T507 shows that CORS fetches work reliably for the overwhelming majority of users.
If this turns out to be problematic, T513 could be an alternative.

Related Objects
Search...

Event Timeline

Tgr created this task.Sep 29 2014, 7:46 PM
Tgr claimed this task.
Tgr raised the priority of this task from to Medium.
Tgr updated the task description. (Show Details)
Tgr changed Security from none to None.
Tgr subscribed.
Tgr mentioned this in T513: Wrap scripts with exception handling for automatic JS error logging.Sep 29 2014, 11:19 PM
Tgr updated the task description. (Show Details)Sep 29 2014, 11:28 PM
Tgr renamed this task from Use CORS-enabled fetch for scripts to Use CORS-enabled fetch of scripts to avoid same-domain limitations in JS error logging.Oct 1 2014, 10:15 AM
Tgr mentioned this in T382: RfC: Server-side Javascript error logging.Oct 1 2014, 1:00 PM
Tgr added a project: Multimedia.Oct 26 2014, 1:55 PM
Tgr removed Tgr as the assignee of this task.Jan 30 2015, 2:38 AM
Liuxinyu970226 subscribed.Feb 12 2015, 3:12 AM
Tgr added a subtask: T507: Measure how many users have CORS-hostile proxies.Mar 6 2015, 1:35 AM
Tgr added a parent task: T88399: Improve Javascript error logging coverage.
Tgr mentioned this in T88399: Improve Javascript error logging coverage.Mar 25 2015, 10:22 PM
Tgr closed subtask T507: Measure how many users have CORS-hostile proxies as Resolved.Aug 12 2015, 6:00 AM
Restricted Application added subscribers: Matanya, Aklapper. · View Herald TranscriptAug 12 2015, 6:00 AM
Tgr closed this task as Declined.Aug 12 2015, 11:41 PM
Tgr claimed this task.

Not necessary after T95448 (global user JS is still loaded cross-domain I believe, and some gadgets have central wikis, but those use cases are not worth the effort, and might go away after T31272).

Restricted Application removed a subscriber: Liuxinyu970226. · View Herald TranscriptAug 12 2015, 11:41 PM
Tgr reopened this task as Open.Aug 12 2015, 11:55 PM

Still useful for third parties I guess.

Tgr lowered the priority of this task from Medium to Lowest.Aug 12 2015, 11:55 PM
Jdforrester-WMF moved this task from Untriaged to Backlog on the Multimedia board.Sep 4 2015, 6:17 PM
Tgr added a project: Sentry.Sep 25 2015, 5:35 PM
Aklapper removed Tgr as the assignee of this task.Mar 15 2020, 10:13 AM
Tgr mentioned this in T499: Create error logging JS module.Sep 17 2020, 12:00 AM
Tgr removed a project: Sentry.Sep 17 2020, 2:37 AM

At the time of creating this task it was assumed that the server side implementation of error logging would be based on Sentry. We have eventually decided on a different implementation, so de-tagging.

Jdlrobson subscribed.Sep 29 2020, 5:34 PM
Aklapper added a project: WMF-General-or-Unknown.Oct 12 2020, 5:40 AM

This open task has no active project tags so it will not be found. Adding vague WMF-General-or-Unknown, please feel welcome to add a more specific tag.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL