Cache remote user icons #431

Closed
mapkyca opened this issue Aug 31, 2014 · 1 comment

@mapkyca
Member

commented Aug 31, 2014

To prevent, at best, browser warnings, and at worst, tracking and drive-by exploits, remote user icons should be resampled and cached and served from the known server.

Refs #203 & #420

The image should be saved along with the cache headers as provided by the remote server, saving an expires from the remote image or 1 day (whichever is greater). If a webmention/comment comes in and the image expires time has been exceeded it should be refreshed.

Setting an expires time of a minimum of 1 day should mitigate DoS exploits (you absolutely don't want to refresh the image on every webmention received), while minimising the number of stale images present.
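
The expiry rule proposed in the comment above, as an added example that is not part of the original issue or the project's code. Function names, the ten-year cap on `max-age` and the sample header values in the test are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

MIN_TTL = timedelta(days=1)           # floor from the issue: at most one refetch per day
MAX_AGE_CAP = 10 * 365 * 86400        # assumption: clamp absurd max-age values (seconds)


def remote_expiry(headers, fetched_at):
    """Expiry requested by the remote server, or None if it sent nothing usable."""
    h = {k.lower(): v for k, v in headers.items()}
    # Cache-Control max-age takes precedence over Expires when both are present.
    m = re.search(r"\bmax-age\s*=\s*(\d+)", h.get("cache-control", ""), re.I)
    if m:
        return fetched_at + timedelta(seconds=min(int(m.group(1)), MAX_AGE_CAP))
    try:
        exp = parsedate_to_datetime(h["expires"])
    except (KeyError, TypeError, ValueError):
        return None                   # header missing or malformed (e.g. "Expires: 0")
    if exp.tzinfo is None:            # "-0000" dates parse as naive; treat as UTC
        exp = exp.replace(tzinfo=timezone.utc)
    return exp


def cache_expiry(headers, fetched_at):
    """Expiry to store with the cached icon: remote value or 1 day, whichever is greater."""
    floor = fetched_at + MIN_TTL
    remote = remote_expiry(headers, fetched_at)
    return max(remote, floor) if remote else floor


def needs_refresh(stored_expiry, now):
    """Checked when a webmention arrives: refetch only after the stored expiry has passed."""
    return now > stored_expiry
```

A remote server that answers with `max-age=0` or an already-past `Expires` still gets the one-day floor, so repeated webmentions from the same source cannot force a refetch on every request.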

@mapkyca

Member Author

commented Aug 31, 2014

Thinking, it might be simpler to get and store the webmention image against the webmention object each time. I think DoS mitigation might be better done higher up the chain, i.e. when a webmention is received, by making the callback asynchronous.
