fix(play): make scene-image proxy opt-in — default deployers connect direct

b805b1d routed every scene <img> through fetch → Blob → createObjectURL to
kill QUIC progressive-paint, but in doing so added an *unconditional*
dependency on a CORS-adding proxy. That breaks the default deployment:
im.runware.ai sends no Access-Control-Allow-Origin, so a direct
fetch().blob() throws and the scene image silently fails to load for anyone
who hasn't stood up the Cloudflare Worker.

Restore the pre-b805b1d behavior as the *default* and make the proxy
strictly opt-in:

  - Direct path (no env set): preloadImage() warms the HTTP cache + decodes,
    then <img> uses the original https://im.runware.ai URL — as before
    b805b1d. No fetch().blob(), no CORS dependency: a fresh clone just works.
  - Proxy path (NEXT_PUBLIC_IMAGE_PROXY_URL set): fetch the proxied URL →
    Blob → createObjectURL, exactly as b805b1d, gaining the QUIC-immune
    HTTP/2 edge + atomic paint.

shouldProxy(url) gates the two paths: proxy only when a base is configured
AND the host is in NEXT_PUBLIC_IMAGE_PROXY_ALLOWED_HOSTS (default
im.runware.ai). data: / non-http / unknown-host URLs always take the direct
path. blobUrlCache + revoke logic is unchanged and safe for both paths
(revoke is a no-op on non-blob: URLs).

The Cloudflare Worker moves out of this repo into a standalone, one-click-
deployable project (infiplot-image-proxy) so the optional infra isn't
carried by every clone; .env.example and the READMEs link to it.

restore: preloadImage() helper deleted by b805b1d
add:     NEXT_PUBLIC_IMAGE_PROXY_ALLOWED_HOSTS (default im.runware.ai)
remove:  worker/ (moved to standalone repo)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
yuanzonghao
2026-06-04 09:56:50 +08:00
parent b86a9507e3
commit 4347e5bfdf
7 changed files with 123 additions and 155 deletions
+20 -8
View File
@@ -56,15 +56,27 @@ TTS_SPEECH_MODEL=mimo-v2.5-tts
# Text/story/voice still run normally. Great for iterating on TTS.
MOCK_IMAGE=false
# ---- 5b. Image proxy (Cloudflare Worker, optional) -----------------
# Chrome's direct fetch of im.runware.ai is unreliable on some networks
# (ERR_QUIC_PROTOCOL_ERROR mid-stream → partial bytes → <img> renders
# progressively from top to bottom). Routing the fetch through a CF Worker
# (see worker/) avoids the QUIC fragility and adds edge caching + CORS.
# Empty → no proxy → direct fetch (fine when the network behaves).
# NEXT_PUBLIC_ vars are inlined at BUILD time — set in Vercel project settings.
# Deploy the Worker per worker/wrangler.toml, then paste the workers.dev URL:
# ---- 5b. Image proxy (Cloudflare Worker, OPTIONAL) -----------------
# Leave BOTH blank (the default) and the browser fetches images directly
# from the provider — exactly as the app worked before this proxy existed.
# You are completely unaffected; skip this whole section.
#
# Why you might want it: Chrome's direct fetch of im.runware.ai is unreliable
# on some networks (ERR_QUIC_PROTOCOL_ERROR mid-stream → partial bytes →
# <img> paints progressively top-to-bottom). Routing the fetch through a tiny
# Cloudflare Worker re-fetches server-to-server (no QUIC fragility) and serves
# over HTTP/2 — atomic paint, plus edge caching + CORS.
#
# Deploy your own in ~1 min (one-click "Deploy to Cloudflare" button):
# https://github.com/zonghaoyuan/infiplot-image-proxy
# Then paste the workers.dev URL it prints below. NEXT_PUBLIC_ vars are
# inlined at BUILD time — set them in Vercel/Cloudflare project settings.
NEXT_PUBLIC_IMAGE_PROXY_URL=
# Hostnames the proxy is allowed to fetch (comma-separated). Default covers
# Runware's CDN. If your IMAGE_BASE_URL points at another provider, add that
# provider's image host here so its URLs take the proxy path too. Anything
# not listed stays on the direct fetch. Only matters when the URL above is set.
NEXT_PUBLIC_IMAGE_PROXY_ALLOWED_HOSTS=im.runware.ai
# ---- 6. Analytics · Umami (optional — leave blank to disable) ------
# Privacy-friendly, cookieless page-view stats — no Cookie consent banner.