Some people might want to share a generated image (e.g. PHP). This system makes that impossible.
4 Likes
^What those guys said, it’s to make sure nothing breaks down the road when site start deleting images.
3 Likes
It’s also for privacy reasons - it means people can’t embed an image in their post and watch view counts (and people’s IP addresses…).
It’s ALSO because we want all content we serve to be handled over SSL. Some (lazy) people haven’t got SSL set up, or forget to renew their certificates and therefore we’d have to proxy their content (or mirror it) anyway.
What sort of usecase are you thinking of for this? I can understand why you might want this if people had signatures, but Discourse doesn’t have signatures either, so it’s not like you have anywhere to put a server status image. (If you can find one, I’ll look at what I can do)
2 Likes
Perhaps we could tag an image for auto-updating? Maybe something that only regulars could do to keep everyone from doing this (like the nofollow links).
This would probably have to be a custom discourse plugin though, but then again I don’t know the system that well maybe one already exists.
1 Like
2 Likes
Problem: You can embed images that were not created by you, e.g. this wikipedia logo:
Inline links (also known as embedding) are not a copyright violation.
Hosting a copy of an image is a copyright violation.
The best example where this becomes a problem:
2 Likes
What about hosting with a citation? They could set the tooltip of the image to the original URL it was retrieved from.
2 Likes
I can’t really think of a use for this actually. It was just a generic answer to this problem.
Or, or, or: Those people just happen to be students who don’t exactly have a spare 600$ every year for their domain.
You can get a PositiveSSL for like 5 dollars per year, FYI 
2 Likes
Alright, true. But useless for people who like subdomains, if I understand the PositiveSSL website right.
You can get a wildcard cert for 60 per year 
1 Like
Well that I’m interested in. Would you mind providing a link?
1 Like
https://cheapsslsecurity.com/sslproducts/wildcardssl.html
A friend has used them before for non-wildcard certs, so I at least know they work. I’m still using Namecheap myself, as I only have one cert and I’m ok with paying an extra couple dollars to keep things in one place.
You’re kidding, right? Cost is not a barrier; StartSSL is free, WoSign (yay, China) is also free, CloudFlare’s just-use-a-selfsigned-cert-and-we’ll-fix-it-at-the-frontend SSL is also free.
5 Likes
I emit my own certificates. All I want is that the connections I establish to my host (which is at home btw) can be encrypted. When I feel it is necessary, I’ll move forward.
By emitting my own certificates, I’m able to customise everything about them, which is nice
@mbaxter: Thanks
@lukegb: I did find StartSSL, but that’s limited to 1 year and a single domain if I understand it right… WoSign has 2 years and 100 domains as option (looks actually kinda good), but you’re obviously right about CloudFlare, I totally forgot about that.
@Dannyps: I do that as well and it’s enough for me, but self-signed https connections are blocked by most browsers by default, afaik.
I’ve never had any trouble circumventing those protections. Anyway, I install my CA certificate on the pcs I work most with at school (I shouldn’t be able to…) so I don’t have that kind of trouble
Use cloudflare-giveus-a-self-signed-and-we’ll-fix-it-with-a-front-end-cert
This is getting kinda off-topic…
1 Like