You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4.1 KiB
4.1 KiB
CORS Disabled for Universal Image Support
Decision Summary
CORS headers have been disabled to support Time Safari's core mission: enabling users to share images from any domain without restrictions.
What Changed
❌ Removed CORS Headers
Cross-Origin-Opener-Policy: same-originCross-Origin-Embedder-Policy: require-corp
✅ Results
- Images from any domain now work in development and production
- No proxy configuration needed
- No whitelist of supported image hosts
- True community-driven image sharing
Technical Tradeoffs
🔻 Lost: SharedArrayBuffer Performance
- Before: Fast SQLite operations via SharedArrayBuffer
- After: Slightly slower IndexedDB fallback mode
- Impact: Minimal for typical usage - absurd-sql automatically falls back
🔺 Gained: Universal Image Support
- Before: Only specific domains worked (TimeSafari, Flickr, Imgur, etc.)
- After: Any image URL works immediately
- Impact: Massive improvement for user experience
Architecture Impact
Database Operations
// absurd-sql automatically detects SharedArrayBuffer availability
if (typeof SharedArrayBuffer === "undefined") {
// Uses IndexedDB backend (current state)
console.log("Using IndexedDB fallback mode");
} else {
// Uses SharedArrayBuffer (not available due to disabled CORS)
console.log("Using SharedArrayBuffer mode");
}
Image Loading
// All images load directly now
export function transformImageUrlForCors(imageUrl: string): string {
return imageUrl; // No transformation needed
}
Why This Was The Right Choice
Time Safari's Use Case
- Community platform where users share content from anywhere
- User-generated content includes images from arbitrary websites
- Flexibility is more important than marginal performance gains
Alternative Would Require
- Pre-configuring proxies for every possible image hosting service
- Constantly updating proxy list as users find new sources
- Poor user experience when images fail to load
- Impossible to support the "any domain" requirement
Performance Comparison
Database Operations
- SharedArrayBuffer: ~2x faster for large operations
- IndexedDB: Still very fast for typical Time Safari usage
- Real Impact: Negligible for typical user operations
Image Loading
- With CORS: Many images failed to load in development
- Without CORS: All images load immediately
- Real Impact: Massive improvement in user experience
Browser Compatibility
| Browser | SharedArrayBuffer | IndexedDB | Image Loading |
|---|---|---|---|
| Chrome | ❌ (CORS disabled) | ✅ Works | ✅ Any domain |
| Firefox | ❌ (CORS disabled) | ✅ Works | ✅ Any domain |
| Safari | ❌ (CORS disabled) | ✅ Works | ✅ Any domain |
| Edge | ❌ (CORS disabled) | ✅ Works | ✅ Any domain |
Migration Notes
For Developers
- No code changes needed
transformImageUrlForCors()still exists but returns original URL- All existing image references work without modification
For Users
- Images from any website now work immediately
- No more "image failed to load" issues in development
- Consistent behavior between development and production
Future Considerations
If Performance Becomes Critical
- Selective CORS: Enable only for specific operations
- Service Worker: Handle image proxying at service worker level
- Build-time Processing: Pre-process images during build
- User Education: Guide users toward optimized image hosting
Monitoring
- Track database operation performance
- Monitor for any user-reported slowness
- Consider re-enabling SharedArrayBuffer if usage patterns change
Conclusion
This change prioritizes user experience and community functionality over marginal performance gains. The database still works efficiently via IndexedDB, while images now work universally without configuration.
For a community platform like Time Safari, the ability to share images from any domain is fundamental to the user experience and mission.