My Discourse site is image-heavy. Due to the many images, I use an S3/CDN combination to store and serve images. Within the CDN, I use various measures to prevent image hijacking. One of the measures is to stop all direct access to pictures and only allow access from a defined hostname list.
Discourse works with this setup, except for Avatars. Avatars stop working when hotlinking protection is turned on.
The reason is Discourse uses a proxy setup for Avatars. The HTML uses a proxy link for avatars. The link structure is https://discourse.forum/user_avatar/discourse.forums/username/24/616_2.png.
Once the proxy is resolved, the browser requests direct access to the image file.
My CDN prevents direct access with a 403 when making this direct request. And all custom avatars become silhouettes.
What options do we have to remove the proxy?
Can we change the avatar to a standard image file structure?