#196 Media proxy

Open
opened 2 weeks ago by resynth1943 · 1 comment

If one were to embed an image into a document that automatically loads (e.g. a README), they could quite easily grab the IPs of targeted users.

GitHub combats this by implementing a media proxy, which is a safer mechanism for preventing these kinds of attacks. For example, if an external image is embedded into a README, its request goes through camo.githubusercontent.com.

This prevents the attacker from gaining the IP of victim users. While the external images are still loaded, they are loaded from GitHub’s servers, then fed back to the user and into the browser.

I’m not sure if this affects other Gitea instances, and Gitea itself.

6543 commented 2 weeks ago
https://github.com/go-gitea/gitea/issues/916
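
A sketch of the media-proxy rewrite described in the issue, as an added example that is not part of the thread and is not Gitea's or GitHub's code: the renderer wraps external image URLs so the browser only contacts the proxy, and the proxy checks a MAC before fetching. The HMAC-SHA-256 signing, the `media-proxy.example` origin, the key and all function names are assumptions made for the illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/url"
	"strings"
)

// Constructed placeholders (assumptions): proxy origin and shared HMAC key.
const proxyBase = "https://media-proxy.example"
var key = []byte("constructed-demo-key")

func mac(s string) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(s))
	return h.Sum(nil)
}

// ProxyURL is what the renderer would emit for an <img> src. Relative and
// same-host images are untouched; anything on a foreign host is wrapped.
func ProxyURL(src, instanceHost string) string {
	u, err := url.Parse(src)
	if err != nil || u.Host == "" || strings.EqualFold(u.Host, instanceHost) {
		return src
	}
	if u.Scheme == "" { // protocol-relative //host/path would still hit the host directly
		u.Scheme = "https"
	}
	target := u.String()
	return proxyBase + "/" + hex.EncodeToString(mac(target)) + "/" + hex.EncodeToString([]byte(target))
}

// VerifyPath is the proxy-side check. It returns the upstream URL only when
// the MAC matches, so the proxy never fetches a URL the instance did not sign.
func VerifyPath(path string) (string, error) {
	sigHex, urlHex, ok := strings.Cut(strings.TrimPrefix(path, "/"), "/")
	sig, err1 := hex.DecodeString(sigHex)
	raw, err2 := hex.DecodeString(urlHex)
	if !ok || err1 != nil || err2 != nil || !hmac.Equal(sig, mac(string(raw))) {
		return "", fmt.Errorf("rejected: malformed path or bad signature")
	}
	return string(raw), nil
}

func main() {
	fmt.Println(ProxyURL("http://tracker.example/pixel.png", "git.example"))
}
```

The upstream server then sees only the proxy's address; the fetch itself (size limits, content-type checks, restricting upstream schemes and destinations) is left out of this sketch.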