Issue with Oneboxing an image from a specific domain

Can anyone shed any light as to what may be going on here?

I have two images. They are identical. The only difference is the domain name.

One image refuses to onebox on my Discourse running 3.3.0.beta2-dev (7a083daf27), the other image will onebox just fine with no issues.

Image one: https://dronescene.co.uk/images/uploads/temporiginal/test11.png

Image two: https://dev.dronescene.co.uk/images/uploads/temporiginal/test11.png

While scratching my head and trying to work out what the issue might be, I noticed the onebox url is appending a few extra parameters on the end of the URL:

Screenshot 2024-04-19 at 13.11.551920×439 64.5 KB

I think this is a red herring though

If I view both images directly in a browser tab and look at the HTTP response headers in the network tab of the browser console, I can’t see any differences between the two.

There are no errors in my Discourse logs.

Might I have applied some domain-specific settings on my Discourse that I’ve long since forgotten about?

What else could cause the Onebox to throw a HTTP/404 when the image is actually there?

Where might I start in debugging why one url works and the other does not?

If relevant, both domains are proxied via Cloudflare - but all identical in the settings there too.

Isn’t one of the main uses of Cloudflare to block bots from requesting files from your site? Looks like it’s working as intended

You should check your Cloudflare configuration, there will be a way to disable bot protection there.

Does it?

What’s the difference?

The IP address of the Discourse server is whitelisted on Cloudflare and I can curl/wget both images from the command line of the server running Discourse.

Struggling to understand why the onebox works on one image but not the other image.

Since you control both servers, can you check what is the exact request, down to verb, user-agent and other headers and try to reproduce with a cURL that mimics it?

Ah, excellent idea