This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Only let authed local users request remote content (for the first time a given piece of remote content is requested) #2133

Open
ara4n opened this issue Apr 17, 2017 · 3 comments
Labels
T-Enhancement New features, changes in functionality, improvements in performance, or user-facing enhancements.

Comments

Member

ara4n commented Apr 17, 2017

I think I'm right in saying that currently any arbitrary user on the 'net can query a media URL on an arbitrary HS to get it to cache arbitrary content from Matrix. Surely this should be limited (for the first request) to users local to that HS.

@ara4n ara4n changed the title Only let authed local users request remote content Only let authed local users request remote content (for the first time a given piece of remote content is requested) Apr 17, 2017
Member Author

ara4n commented Apr 17, 2017

To clarify: why would you ever let remote users cause your homeserver to cache remote content? Only local users should be able to do this. Given the first person to query content (be it a bridge or a real user) will be authed, this seems like a reasonable requirement to avoid abuse.
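
The policy proposed in this issue, sketched as an added example that is not part of the thread and is not Synapse code: cached remote media is served to any caller, but the first fetch is performed only for an authenticated user whose ID is on the local homeserver. The class, the `fetch_remote` callable, the server names and the choice of a 404 response are assumptions made for illustration.

```python
from typing import Callable, Dict, List, Optional, Tuple


class RemoteMediaGate:
    """Hypothetical gate in front of a homeserver's remote-media cache."""

    def __init__(self, local_server: str,
                 fetch_remote: Callable[[str, str], bytes]) -> None:
        self.local_server = local_server
        self.fetch_remote = fetch_remote  # stands in for the federation fetch
        self.cache: Dict[Tuple[str, str], bytes] = {}

    def is_local_user(self, user_id: Optional[str]) -> bool:
        # None models a request that carried no valid access token.
        if not user_id or not user_id.startswith("@"):
            return False
        # Split on the first colon only: a server name may include a port.
        _, sep, domain = user_id.partition(":")
        return bool(sep) and domain == self.local_server

    def download(self, origin: str, media_id: str,
                 requester: Optional[str]) -> Tuple[int, bytes]:
        key = (origin, media_id)
        if key in self.cache:
            # Already cached: serving it costs no outbound fetch.
            return 200, self.cache[key]
        if not self.is_local_user(requester):
            # First request from a non-local caller: refuse before fetching.
            return 404, b""
        body = self.fetch_remote(origin, media_id)
        self.cache[key] = body
        return 200, body


def demo() -> Tuple[List[int], int]:
    fetched: List[Tuple[str, str]] = []

    def fake_fetch(origin: str, media_id: str) -> bytes:
        fetched.append((origin, media_id))
        return b"constructed media bytes"

    gate = RemoteMediaGate("hs.example", fake_fetch)
    callers = [None, "@eve:other.example", "@alice:hs.example", None]
    statuses = [gate.download("remote.example", "abc123", c)[0] for c in callers]
    return statuses, len(fetched)
```

In `demo()`, the anonymous and remote callers are refused until the local user's request populates the cache, and only one outbound fetch is made.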

Member

richvdh commented Dec 3, 2019

related: matrix-org/matrix-spec#870

@ShadowJonathan
Contributor

Slightly related; Discord allows people to copy-paste content URLs to then paste in other chats, or even on other websites. This has created some sort of social culture around it which Discord tolerates, because it means images aren't getting re-uploaded every time, which saves data on their servers.

This is somewhat the same on the Matrix federation, because someone could post an MXC URI in another room, and I want to set that as my avatar, and then someone sees that avatar, and would want to send that to their room to show off; it's hard to track who is "authenticated" to view the picture/content, then.
