Make upload.wikimedia.org serve images with a Timing-Allow-Origin header
completed by: ☃ unicodesnowman
mentors: Gergő Tisza
We use the ResourceTiming browser API to make various speed measurements; Wikipedia images are served from a separate domain (upload.wikimedia.org) which means that cross-domain security restrictions apply and detailed timing data is only available if the server sets a Timing-Allow-Origin header on the response. (See this article for an introduction of the ResourceTiming API; it's not necessary for this task, though.)
Images are served through Varnish proxies; you need to modify the puppet configuration for Varnish to add the header to all images. Don't worry; this will be fairly easy even if you are not familiar with Varnish and puppet.
This task is tracked in Wikimedia's task management system as T76020.
Students are required to read Wikimedia's general instructions first.