Bookmarked: https://jlelse.blog/thoughts/2020/01/security-risk-embedding/.

I would—before my tiny setup stopped working, that is—scrape and cache avatars locally.

[Y]ou should consider enabling Content Security Policy (CSP) headers and only allow embedded content from trusted sites.

The security risk of embedding images from external sites
jlelse.blog

Replies

  1. Jan on

    Pretty sure this polling for replies to my statuses is what got mastodon.social to block my API requests. Should–although I’ve currently disabled the behavior–fix.