Media: Enable client-side media uploads in the Media Library grid#12585
Media: Enable client-side media uploads in the Media Library grid#12585adamsilverstein wants to merge 4 commits into
Conversation
The client-side media pipeline needs SharedArrayBuffer, which requires a cross-origin isolated context. Core only isolates the block editor screens, so uploads from the Media Library grid cannot use the pipeline. Hook the existing Document-Isolation-Policy output buffer on load-upload.php, gated to grid mode for users who can upload files. The mode is resolved the same way upload.php resolves it later in the request, without updating the saved user option. List mode has no pipeline integration and stays untouched, avoiding isolation side effects on a screen that gets no benefit.
Grid uploads go through wp.Uploader/plupload to async-upload.php, doing all image processing server-side even when the browser could handle it. Add a media-library-upload script that configures the @wordpress/upload-media store and intercepts plupload's FilesAdded at a higher priority, routing each file through the pipeline: REST upload of the original, client-side thumbnails via wasm-vips, then sideload and finalize. The grid UI is preserved by mirroring wp-plupload's placeholder tiles, progress, queue reset, and error sidebar. mediaSideload/mediaFinalize are thin apiFetch wrappers because the @wordpress/media-utils equivalents are private APIs. When the browser is not cross-origin isolated or lacks client-side support, the script no-ops and classic plupload keeps handling uploads, so degraded environments lose nothing.
Assert the Document-Isolation-Policy header is sent on the grid and not in list mode, that a JPEG upload flows through the REST create, sideload, and finalize endpoints with no async-upload.php requests, and that a disallowed file type surfaces in the error sidebar. Playwright's Chromium build ships without Document-Isolation-Policy support, so the upload assertions skip when the context is not cross-origin isolated; the header assertions still run everywhere.
|
The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the Core Committers: Use this line as a base for the props when committing in SVN: To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook. |
Test using WordPress PlaygroundThe changes in this pull request can previewed and tested using a WordPress Playground instance. WordPress Playground is an experimental project that creates a full WordPress instance entirely within the browser. Some things to be aware of
For more details about these limitations and more, check out the Limitations page in the WordPress Playground documentation. |
The ticket did not exist yet when the tests were written; annotate all new test methods now that it has been filed.
Trac ticket: https://core.trac.wordpress.org/ticket/65661
What
WordPress 7.1's client-side media pipeline (wasm-vips) only runs in the block editor: it swaps the editor's
mediaUploadsetting and never touches the Media Library grid, which uploads viawp.Uploader/plupload toasync-upload.php. This PR extends the pipeline to the Media Library grid atupload.php, so grid uploads are processed in the browser (REST upload of the original, client-side thumbnails, sideload, finalize) instead of server-side.This ports client-side-media-everywhere PR #49 (see issue #44) into core, adapted to core's DIP-only isolation model.
How
Commit 1 - Extend cross-origin isolation to the grid. Hooks a new
wp_set_up_media_library_cross_origin_isolation()onload-upload.php, reusing core's existingwp_start_cross_origin_isolation_output_buffer()(Document-Isolation-Policy, Chromium 137+). It is gated to grid mode (resolved the same wayupload.phpresolves it later in the request, via a newwp_get_media_library_mode()) and to users withupload_files. Unlike the plugin, no COEP/COOP fallback path is needed: core's isolation is DIP-only across all screens.Commit 2 - Route grid uploads through the pipeline. A new
media-library-uploadscript (vanilla IIFE insrc/js/_enqueues/admin/, matching the surrounding admin scripts) configures the@wordpress/upload-mediastore viaMediaUploadProvider(useSubRegistry: false), wrapswp.Uploader.prototype.initto interceptFilesAddedat a higher plupload priority, and routes each file through the store while mirroring wp-plupload's placeholder tiles, progress, queue reset, and error sidebar so the grid UI works unchanged.mediaSideload/mediaFinalizeare thinapiFetchwrappers rather than the private@wordpress/media-utilsAPIs. The script is enqueued from theupload.phpgrid branch viawp_enqueue_media_library_upload(), with pipeline settings (wp_get_media_library_upload_settings(): max upload size, allowed mime types, registered sub-sizes, big-image threshold, strip-meta and bit-depth filters) passed as an inline script. When the browser is not cross-origin isolated or lacks client-side support, the script no-ops and classic plupload keeps handling uploads - degradation, never data loss.Commit 3 - E2E coverage. New spec asserting the DIP header on
upload.phpgrid (and its absence in list mode), the happy-path upload (create + sideload + finalize via REST, zeroasync-upload.phprequests), and the disallowed-file-type error path. Playwright's Chromium ships without Document-Isolation-Policy support, so the upload assertions skip when the context is not isolated; the header assertions always run.Testing
wpMediaLibraryCrossOriginIsolation.php,wpEnqueueMediaLibraryUpload.php) pass locally, as does the existingwpCrossOriginIsolation.phpsuite.Scope
In:
upload.phpgrid mode - drag-and-drop and "Add New", both of which flow through the one gridwp.Uploader.Out: list-mode "Add New" /
media-new.php(separate uploader path) and abeforeunloadguard for in-progress uploads; both are follow-up candidates.