Yeah, we have this GlobalSetting, which you can enable by setting the environment variable DISCOURSE_REDIRECT_AVATAR_REQUESTS=true
Then, instead of proxying, avatar requests will be served with a 302 redirect to the file store.
By itself… that’s not really a good idea. It means browsers have to make two full HTTP roundtrips for every avatar. So, while it might solve your ‘hotlinking protection’ problem… I wouldn’t recommend that you enable it. It will make the experience worse for your users.
We use the setting on our discourse.org hosting. But we supplement it with a lambda running on our Cloudfront CDN. It detects the 302 and performs the proxying itself. Essentially: we move the proxying from our application servers to the CDN.
As for the more general question of “can we change avatars to link directly to the asset”. It’s tricky because avatar URLs are baked into all historic posts (e.g. quotes). The dynamic /user-avatar/ URLs allow us to keep those working when a user changes their avatar. I’m afraid we don’t have any plans to change that system.
If there’s an easy low-risk way we could make the existing proxying work for your use-case (e.g. add a GlobalSetting which inserts a specific HTTP header in any avatar-proxy requests), then we could consider accepting a PR for the change.