Page MenuHomePhabricator

Use CORS-enabled fetch of scripts to avoid same-domain limitations in JS error logging
Open, LowestPublic

Description

  • make sure all script files are served with CORS Allow-Origin headers
  • make sure script tags added by ResourceLoader in the process of module loading have a crossorigin="anonymous" attribute

This should only be done if T507 shows that CORS fetches work reliably for the overwhelming majority of users.
If this turns out to be problematic, T513 could be an alternative.

Event Timeline

Tgr created this task.Sep 29 2014, 7:46 PM
Tgr claimed this task.
Tgr raised the priority of this task from to Normal.
Tgr updated the task description. (Show Details)
Tgr changed Security from none to None.
Tgr added a subscriber: Tgr.
Tgr updated the task description. (Show Details)Sep 29 2014, 11:28 PM
Tgr renamed this task from Use CORS-enabled fetch for scripts to Use CORS-enabled fetch of scripts to avoid same-domain limitations in JS error logging.Oct 1 2014, 10:15 AM
Tgr removed Tgr as the assignee of this task.Jan 30 2015, 2:38 AM
Restricted Application added subscribers: Matanya, Aklapper. · View Herald TranscriptAug 12 2015, 6:00 AM
Tgr closed this task as Declined.Aug 12 2015, 11:41 PM
Tgr claimed this task.

Not necessary after T95448 (global user JS is still loaded cross-domain I believe, and some gadgets have central wikis, but those use cases are not worth the effort, and might go away after T31272).

Restricted Application removed a subscriber: Liuxinyu970226. · View Herald TranscriptAug 12 2015, 11:41 PM
Tgr reopened this task as Open.Aug 12 2015, 11:55 PM

Still useful for third parties I guess.

Tgr lowered the priority of this task from Normal to Lowest.Aug 12 2015, 11:55 PM
Jdforrester-WMF moved this task from Untriaged to Backlog on the Multimedia board.Sep 4 2015, 6:17 PM