Skip to content

Notes tagged: indieweb

Bookmarked: https://jlelse.blog/thoughts/2020/01/security-risk-embedding/. I would—before my tiny setup stopped …

Bookmarked: https://jlelse.blog/thoughts/2020/01/security-risk-embedding/.

I would—before my tiny setup stopped working, that is—scrape and cache avatars locally.

[Y]ou should consider enabling Content Security Policy (CSP) headers and only allow embedded content from trusted sites.

The security risk of embedding images from external sites
jlelse.blog