this post was submitted on 15 Aug 2023
17 points (100.0% liked)

hexbear

10238 readers
36 users here now

Now that the old Hexbear fork has been officially abandoned, this community will be used as a space for meta-discussion on the site itself.

founded 3 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
17
removed externally hosted image (lemmy.sdf.org)
submitted 1 year ago by [email protected] to c/[email protected]
9 comments fedilink hide all child comments
 

I've noticed any time I try to share a picture with your instance it is filtered and replaced with *removed externally hosted image*. Seems a fairly stifling design choice, if federation is gonna be successful. Why won't you let me love you?

top 9 comments
sorted by: hot top controversial new old
[–] [email protected] 20 points 1 year ago (1 children)

As others have mentioned, that was implemented in a hurry due to tightening up security and safety around embedded images. I've brought it up to the devs to hopefully rectify, as if an instance is trustworthy enough to federate with (aka, not actively malicious) then it is probably safe to show their embeds (behind a blur).

At the latest, this restriction will go away when lemmy upgrades to pictrs 0.5 which will support proxying image requests, but unless there are objections from the rest of the team we will likely add all federated instances to the image allowlist before then.

[–] [email protected] 5 points 1 year ago

Thank you for the technical explanation, I understand now the current state.

[–] [email protected] 19 points 1 year ago (2 children)

AFAIK we have that enabled because there are tons of exploits that can happen when an image is loaded, namely IP Grabbing. Hopefully one day there'll be a built in function on Lemmy that allows images to be scraped and re-hosted on Hexbear so we don't have to think about its

[–] [email protected] 8 points 1 year ago (1 children)

I get that. Unfortunately it breaks a large piece of functionality. Any time I try to share a local picture, it's going to by default be uploaded to my home instance.

[–] [email protected] 3 points 1 year ago (1 children)

I guess upload to imgur and hyperlink for now?

[–] [email protected] 9 points 1 year ago (1 children)

I appreciate the suggestion. However imgur is gonna try to scrape 10x the info from anyone that visits that link, than allowing an inline image from my home instance. And I can't be that monster.

[–] [email protected] 2 points 1 year ago

Argh how frustrating!

[–] [email protected] 2 points 1 year ago

This would be preferable.

[–] [email protected] 7 points 1 year ago

no more half measures walter