Hello! I'm just wondering if there's any particular reasons why you
don't want to allow external images/videos? Is there any security risks?
To my understanding visitors' browser will be requesting the
images/videos directly so it's not like it will increase SourceHut
bandwidth, or am I missing something?/
I'm not trying to ram a square peg into a round hole, I just want to
know why.
On Sun, 2024-01-21 at 16:47 +0100, lts20050703 wrote:
> Hello! I'm just wondering if there's any particular reasons why you > don't want to allow external images/videos? Is there any security> risks?
From what I recall, the rationale behind this rule is that it puts up a
barrier to discourage people using sr.ht pages as a frontend to
distribute porn, piracy, malware, etc. Github admins have to play
whack-a-mole with this stuff, and they deal with an elevated number of
DMCA complaints and other legal requests because of it. If all site
content must be hosted on sr.ht then it's easier to detect abuse. (I
may be wrong about this but that's what I remember from reading the
list back when the feature was introduced.)
Restricting external embeds limits the usefulness of pages a bit, but
they are still capable enough to be used as project homepages or small
personal sites, which is pretty much the limit of their intended scope.
On Sun, Jan 21, 2024, at 10:47 AM, lts20050703 wrote:
> Hello! I'm just wondering if there's any particular reasons why> you don't want to allow external images/videos? Is there any> security risks?
It's to prevent pages from embedding resources that could be used for
third-party tracking and analytics, like the Facebook Pixel:
https://themarkup.org/series/pixel-hunt