Dedicated uploads CDN

Currently uploads on WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ are served through ms-files.php, which uses the format of a https://{$HOST_PATH}/files/{$FILE} url.

For example: https://wordpress.org/files/2022/12/sotw-drawer-background.png or https://wordpress.org/showcase/files/2019/11/hodge-bank.jpg

For various reasons, including the desire for SVG uploads to be used within the WordPress Site Editor by designers, moving these to a CDN would be appreciated.

These can already be accessed via the s.w.org CDN like so (same file as above): https://s.w.org/wp-content/blogs.dir/1/files/2022/12/sotw-drawer-background.png – Not a pretty URLURL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org, it works, but I’m unsure if we’d want to have SVG files on that hostname, even if only uploaded by trusted users and run through a SVG-sanitizer pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party?

As it can be accessed through that CDN, it means it can also be accessed directly without a CDN, through the the main wordpress.org hostname. Ideally, we’d want to remove that functionality / automatically redirect direct blogs.dir access, if we were to allow SVG uploads.

What’s the best option here?

  1. Use the existing CDN as mentioned above, Example: https://s.w.org/wp-content/blogs.dir/1/files/2022/12/sotw-drawer-background.png.
  2. Add a new CDN (eg, u.w.org) and use the BlogID in the URL (instead of a site hostname/path) to avoid the need for PHPPHP PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. http://php.net/manual/en/intro-whatis.php., something like https://u.w.org/{$BLOG_ID}/files/{$FILE}. Example: https://u.w.org/1/files/2022/12/sotw-drawer-background.png

(Note: I’ve used {$BLOG_ID}/files/{$PATH} here instead of {$BLOG_ID}/{$PATH} simply for the future expansion when/if other uploads are served from it, such as the BuddyPress/bbPressbbPress Free, open source software built on top of WordPress for easily creating forums on sites. https://bbpress.org. uploads which are in a subdirectory, and to simplify the request)

And either way, an automatic redirect would be preferred for requests not from the CDN. ms-files.php requests can be handled from within WordPress.

rewrite blogs.dir/(.+) https://u.w.org/$1 permanent;
or
rewrite blogs.dir/(.+) https://s.w.org/wp-content/blogs.dir/$1 permanent;

The existing CORS headers from s.w.org would be needed on any new CDN.

Access-Control-Allow-Methods: GET, HEAD
Access-Control-Allow-Origin: *

#prio3 #cdn #uploads