mirror of
https://github.com/zulip/zulip.git
synced 2025-11-07 23:43:43 +00:00
Providing a signed Camo URL for arbitrary URLs opened the server up to being an open redirector. Return 403 if the URL is not a user upload, and the backend image if it is. Since we do not have ImageAttachment rows for uploads at a time we wrote `/thumbnail?` URLs, return the full-size content.
1.2 KiB
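The decision the commit message describes (403 unless the URL is a user upload, otherwise serve the backend content), as an added sketch that is not Zulip's code. The function name, the `/user_uploads/` prefix, and the assumption that the framework has already percent-decoded the `url` parameter once are all hypothetical; the returned path is meant to be used as an opaque lookup key with no further decoding.

```python
from __future__ import annotations

import posixpath
from urllib.parse import urlsplit

# Assumption for this sketch: uploads are served under this local prefix.
UPLOAD_PREFIX = "/user_uploads/"


def resolve_legacy_thumbnail(url_param: str) -> tuple[int, str | None]:
    """Decide how to answer a legacy /thumbnail?url=... request.

    Returns (403, None) for anything that is not a local user upload, and
    (200, path) with the local path whose full-size content should be served.
    Nothing here ever produces a redirect to a caller-supplied location.
    """
    # Backslashes and control characters are parsed inconsistently by
    # browsers and URL libraries, so refuse them before parsing.
    if "\\" in url_param or any(ord(c) < 0x20 or ord(c) == 0x7F for c in url_param):
        return 403, None
    try:
        parts = urlsplit(url_param)
    except ValueError:  # e.g. a malformed IPv6 literal in the host position
        return 403, None
    # Absolute ("https://host/...") and scheme-relative ("//host/...") URLs
    # are what made signing arbitrary URLs an open redirector.
    if parts.scheme or parts.netloc:
        return 403, None
    # Accept the path with or without a leading slash (assumption).
    path = parts.path if parts.path.startswith("/") else "/" + parts.path
    # Refuse dot segments, doubled slashes and trailing slashes outright
    # instead of normalising them away.
    if posixpath.normpath(path) != path:
        return 403, None
    if not path.startswith(UPLOAD_PREFIX):
        return 403, None
    return 200, path
```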