I’ve noticed any time I try to share a picture with your instance it is filtered and replaced with *removed externally hosted image*. Seems a fairly stifling design choice, if federation is gonna be successful. Why won’t you let me love you?

  • BoarAvoir [they/them]@hexbear.net
    link
    fedilink
    English
    arrow-up
    20
    ·
    1 year ago

    As others have mentioned, that was implemented in a hurry due to tightening up security and safety around embedded images. I’ve brought it up to the devs to hopefully rectify, as if an instance is trustworthy enough to federate with (aka, not actively malicious) then it is probably safe to show their embeds (behind a blur).

    At the latest, this restriction will go away when lemmy upgrades to pictrs 0.5 which will support proxying image requests, but unless there are objections from the rest of the team we will likely add all federated instances to the image allowlist before then.

  • LesbianLiberty [she/her]@hexbear.net
    link
    fedilink
    English
    arrow-up
    19
    ·
    1 year ago

    AFAIK we have that enabled because there are tons of exploits that can happen when an image is loaded, namely IP Grabbing. Hopefully one day there’ll be a built in function on Lemmy that allows images to be scraped and re-hosted on Hexbear so we don’t have to think about its