Enable CORS on images.4chan.org (from boards.4chan.org)

[Hupotronic]

...So that I don't need to use GM_xmlhttpRequest to fetch images (which I need to do in order to calculate SHA-1 hashes for reverse image search in ExLinks).

[qqueue]

I emailed moot about this a while back, but he didn't reply ;_;

The maintainers of the 4chan-sounds script would also appreciate CORS on images.4chan.org. Their script pulls the images and reads audio from the data beyond the true end of the image, which is also done with GM_XHR currently.

Other cool use cases would be client-side EXIF tag reading, GIF frame splitting/rewind, and other tricks that require access to the data of the image.

@Hupotronic in the meantime, you could use a CORS proxy. However, depending on how heavy exlinks sauce gets hit, 4chan might see the proxy as an image leecher.

[moot]

Not going to add CORS to images.4chan.org.

[qqueue]

At least give us a sentence. C'mon moot, don't be so coy.

[Hupotronic]

Why indeed? The only difference it'd make would be making life easier for the userbase (especially Opera users, since Opera doesn't support GM_xmlhttpRequest). And not in the kind of way that would hurt the site either.

[moot]

What methods and headers do you need to be allowed?

[qqueue]

Only GET, and no special headers should be needed.

However, since there are no other types of endpoints on the images.4chan.org domain, all you really have to add is the correct Access-Control-Allow-Origin for http{s}://boards.4chan.org to the responses. The other headers like Access-Control-Allow-Methods that you may be looking at won't actually matter as a GET request for image data won't be preflighted unless there are credentials or special headers.

Thanks for reconsidering, moot. We always knew deep inside that you'd never let us down.

[nstepien]

For the 10th time now, I need HEAD to know if a file 404'd or not.

[qqueue]

FYI moot, HEAD is also a "simple request" and therefore won't be preflighted, so still no need for anything weird.

[moot]

FYI I started working on this last week but due to an issue with CloudFlare haven't been able to get it working yet (they strip the header out on content they have cached). Working with them on a solution.

[Hupotronic]

Awesome! Looking forward to it.

[moot]

This isn't possible with the way CloudFlare currently works. Basically they pass through the header when the resource is originally served from our backend (cache miss), but from then on so long as they're serving it out of cache, they don't serve the header since it isn't hitting our backend.

There might be a solution down the line, but it will be on their end and I have no control over their product timeline. I'll post an update to 4chan-API when that happens.