Is it a bug or is it a feature? Forcing a strict CSP would mean that every media file must be uploaded on Lemmy’s servers… donations would not be enough to keep any crowded instance running.
Not just that, but all embedded content would be infeasible if strictly enforced. It’s not a Lemmy issue but part of the internet as a whole. We have browser tools for this already and it’s not Lemmy’s job to reinvent the wheel. The alternative platforms are so much worse by several orders of magnitude; I don’t understand the irrational fear here.
Is it a bug or is it a feature? Forcing a strict CSP would mean that every media file must be uploaded on Lemmy’s servers… donations would not be enough to keep any crowded instance running.
Would a link to the media hosted on an image / video hosting service rather than hosting media on Lemmy’s servers solve the issue?
The article says that the security issue is that Lemmy allows links to third-party media hosts.