trentlarson/crowd-funder-from-jason
1
0
Fork 0
forked from jsnbuchanan/crowd-funder-for-time-pwa
Code Issues Pull Requests Projects Releases Wiki Activity
Files
2d17bfd3b4080b7eb7218687df8c28fedd038cde
crowd-funder-from-jason/doc/cors-disabled-for-universal-images.md
Matthew Raymer 2d17bfd3b4 docs: comprehensive documentation updates and modernization 
- Update BUILDING.md with current build system information
- Modernize various README files across the project
- Update CHANGELOG.md with recent changes
- Improve documentation consistency and formatting
- Update platform-specific documentation (iOS, Electron, Docker)
- Enhance test documentation and build guides
2025-08-20 13:02:01 +00:00

131 lines
4.1 KiB
Markdown
Raw Blame History

# CORS Disabled for Universal Image Support
## Decision Summary
CORS headers have been **disabled** to support Time Safari's core mission: enabling users to share images from any domain without restrictions.
## What Changed
### ❌ Removed CORS Headers
- `Cross-Origin-Opener-Policy: same-origin`
- `Cross-Origin-Embedder-Policy: require-corp`
### ✅ Results
- Images from **any domain** now work in development and production
- No proxy configuration needed
- No whitelist of supported image hosts
- True community-driven image sharing
## Technical Tradeoffs
### 🔻 Lost: SharedArrayBuffer Performance
- **Before**: Fast SQLite operations via SharedArrayBuffer
- **After**: Slightly slower IndexedDB fallback mode
- **Impact**: Minimal for typical usage - absurd-sql automatically falls back
### 🔺 Gained: Universal Image Support
- **Before**: Only specific domains worked (TimeSafari, Flickr, Imgur, etc.)
- **After**: Any image URL works immediately
- **Impact**: Massive improvement for user experience
## Architecture Impact
### Database Operations
```typescript
// absurd-sql automatically detects SharedArrayBuffer availability
if (typeof SharedArrayBuffer === "undefined") {
// Uses IndexedDB backend (current state)
console.log("Using IndexedDB fallback mode");
} else {
// Uses SharedArrayBuffer (not available due to disabled CORS)
console.log("Using SharedArrayBuffer mode");
}
```
### Image Loading
```typescript
// All images load directly now
export function transformImageUrlForCors(imageUrl: string): string {
return imageUrl; // No transformation needed
}
```
## Why This Was The Right Choice
### Time Safari's Use Case
- **Community platform** where users share content from anywhere
- **User-generated content** includes images from arbitrary websites
- **Flexibility** is more important than marginal performance gains
### Alternative Would Require
- Pre-configuring proxies for every possible image hosting service
- Constantly updating proxy list as users find new sources
- Poor user experience when images fail to load
- Impossible to support the "any domain" requirement
## Performance Comparison
### Database Operations
- **SharedArrayBuffer**: ~2x faster for large operations
- **IndexedDB**: Still very fast for typical Time Safari usage
- **Real Impact**: Negligible for typical user operations
### Image Loading
- **With CORS**: Many images failed to load in development
- **Without CORS**: All images load immediately
- **Real Impact**: Massive improvement in user experience
## Browser Compatibility
| Browser | SharedArrayBuffer | IndexedDB | Image Loading |
|---------|------------------|-----------|---------------|
| Chrome | ❌ (CORS disabled) | ✅ Works | ✅ Any domain |
| Firefox | ❌ (CORS disabled) | ✅ Works | ✅ Any domain |
| Safari | ❌ (CORS disabled) | ✅ Works | ✅ Any domain |
| Edge | ❌ (CORS disabled) | ✅ Works | ✅ Any domain |
## Migration Notes
### For Developers
- No code changes needed
- `transformImageUrlForCors()` still exists but returns original URL
- All existing image references work without modification
### For Users
- Images from any website now work immediately
- No more "image failed to load" issues in development
- Consistent behavior between development and production
## Future Considerations
### If Performance Becomes Critical
1. **Selective CORS**: Enable only for specific operations
2. **Service Worker**: Handle image proxying at service worker level
3. **Build-time Processing**: Pre-process images during build
4. **User Education**: Guide users toward optimized image hosting
### Monitoring
- Track database operation performance
- Monitor for any user-reported slowness
- Consider re-enabling SharedArrayBuffer if usage patterns change
## Conclusion
This change prioritizes **user experience** and **community functionality** over marginal performance gains. The database still works efficiently via IndexedDB, while images now work universally without configuration.
For a community platform like Time Safari, the ability to share images from any domain is fundamental to the user experience and mission.
Reference in New Issue View Git Blame Copy Permalink