Skip Navigation
InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)RA
Posts
0
Comments
11
Joined
1 yr. ago
  • You actually can prevent this easily with CSP (content security policy). That header tells your browser which adresses it is allowed to load additional data from when visiting your site. It is an important tool to prevent cross-site scripting attacks, your browser should not load data from random sources when it is on your site.
    Of course you would have to funnel all inline images through a site-local proxy that the browser is allowed to load data from.

    This also has not only security implications, but also with the GDPR. Some jurisdiction consider ip addresses as personal data. Sending them to e.g. the US without user consent would be a violation. I know it is stupid to consider ip addresses as personal data and it is stupid to consider a browser loading data as sending that personal data somewhere on the sites' behalf. But there is a reason why a lot of websites for example only embed tweets after you explicitely allow it.

  • It is pretty straight forward if you use the provided docker-compose file with the nginx internal proxy in it. Just add traefik as per usual to the internal port 8536 of the proxy container.

  • 🤷‍♂️
    It is just a decision that every instance owner can make for themselves (if they are aware of it).

    It will be a huge headache for search engines anyways, all posts are basically replicated across all instances and look local to a search engine. So for a single post it will have hundreds of copies in its database and probably outputting all of them as results (for now).

  • Permanently Deleted

  • There is no guarantee that the delete request reaches all other instances as there is no kind of synchronisation protocol. If that delete request never reaches the other instance for whatever reason, the post stays online.