Cache remote user icons #431
To prevent, at best, browser warnings, and at worst, tracking and drive-by exploits, remote user icons should be resampled and cached and served from the known server.
The image should be saved along with the cache headers as provided by the remote server, saving an expires from the remote image or 1 day (whichever is greater). If a webmention/comment comes in and the image expires time has been exceeded it should be refreshed.
Setting an expires time of a minimum of 1 day should mitigate DoS exploits (you absolutely don't want to refresh the image on every webmention received), while minimising the number of stale images present.
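
An added example, not part of the original issue or the project's code: the expiry rule described above in Python, showing that a burst of webmentions triggers a single remote fetch. The function names, the `fetch` callback and the `MAX_TTL` upper bound are assumptions made for illustration; resampling of the image is left out.

```python
import re
from datetime import timedelta, timezone
from email.utils import parsedate_to_datetime

MIN_TTL = timedelta(days=1)    # floor stated in the issue
MAX_TTL = timedelta(days=365)  # assumption: cap so a hostile max-age cannot pin an icon


def remote_ttl(headers, fetched_at):
    """Lifetime requested by the remote server, or None if absent or unparseable."""
    h = {k.lower(): v for k, v in headers.items()}
    m = re.search(r'max-age\s*=\s*"?(\d+)', h.get("cache-control", ""), re.I)
    if m:  # max-age takes precedence over Expires
        return timedelta(seconds=min(int(m.group(1)), int(MAX_TTL.total_seconds())))
    if "expires" in h:
        try:
            exp = parsedate_to_datetime(h["expires"])
        except (TypeError, ValueError):
            return None  # e.g. "Expires: 0" or other invalid dates
        if exp.tzinfo is None:
            exp = exp.replace(tzinfo=timezone.utc)
        return exp - fetched_at
    return None


def expires_at(headers, fetched_at):
    """Remote expiry or one day after fetch, whichever is greater."""
    ttl = remote_ttl(headers, fetched_at)
    if ttl is None or ttl < MIN_TTL:
        ttl = MIN_TTL
    return fetched_at + min(ttl, MAX_TTL)


def icon_for_webmention(cache, url, now, fetch):
    """Return the cached icon, refetching only when the entry has expired."""
    entry = cache.get(url)
    if entry is None or now >= entry["expires_at"]:
        body, headers = fetch(url)  # hypothetical caller-supplied fetcher
        entry = cache[url] = {
            "body": body,
            "headers": dict(headers),  # remote cache headers saved with the image
            "expires_at": expires_at(headers, now),
        }
    return entry["body"]
```
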