I’ve never had any trouble circumventing those protections. Anyway, I install my CA certificate on the PCs I work most with at school (I shouldn’t be able to…) so I don’t have that kind of trouble.
Use cloudflare-giveus-a-self-signed-and-we’ll-fix-it-with-a-front-end-cert
This is getting kinda off-topic…
What @TBotV63 said. This thread is for talking about the forum self-downloading images, not about SSL certs.
I’m questioning the potential security threat of downloading and self-hosting images from a remote source.
There is some potential. But it’s also an OCD thing.
Hrm… I wonder how much they validate those images, might have an arbitrary code execution vulnerability if they don’t validate them at all.
That’s what I was thinking, yeah.
I believe the person on these forums best suited to answer that question is @riking. How is image downloading handled? Any processing other than changing links?
Not much processing other than the automated thumbnail creation if the image is wider than a post, which still happens even if the images aren’t downloaded; and adding width/height markers to the HTML so that the page doesn’t jump around.
Hm. Am I correct in guessing that it will download the image file behind a .php-source image? Otherwise it seems to me that @RobodudeMC and @Kornagan have a very valid point. If it does, however, it would at least serve as a protection for the users.
They could always just have the server return a 404 to just Discourse, so it’s not exactly viable as IP discovery protection.