Onebox、ファビコン、およびCloudflareの「ホットリンク保護」

The following WordPress site is behind Cloudflare, currently with " Scrape Shield", “Hotlink Protection” off:

https://www.thenews.coop/139235/sector/worker-coops/worker-co-op-weekend-2019-restorative-sociable-inspiring-get-together/

When “Hotlink Protection” is on the article image is downloaded by Discourse to display in the onebox but the favicon is not (in Firefox this is clear as there is an empty box):

Screenshot_2019-06-13 Co-operatives UK Workers Co-op Weekend May 10th-12th 2019.png828×192 38.4 KB

This is the HTML source:

<img src="https://www.thenews.coop/wp-content/uploads/favicon-1.ico" 
     class="site-icon" width="64" height="64">

With “Hotlink Protection” on the favicon is not displayed due to the Cloudflare serving a “Error 1011, Access denied”.

I was also wondering, has the downloading and serving locally, of favicons been considered for cases where Cloudflare’s “Hotlink Protection” is on?

How would you do that? And if someone had gone to lengths to see that you can’t download those images my response is either “serves them right” or “I will respect their wishes.”

他の画像と同じ方法で処理すればよいのでしょうか？

こちらのワンボックスをご覧ください：

焚き火の画像の URL は以下の通りです：

![](upload://yL3c0erBE8QgCGLh5SKlzQJ1nZj.jpeg)

これは、Discourse が元のサイトの以下の URL からダウンロードしたものです：

https://www.thenews.coop/wp-content/uploads/D6eFNECXkAM9BmG-1280x600.jpg

私が聞きたいのは、ファビコンも他の画像と同じように扱う（コピーをダウンロードしてローカルで配信する）ことに意味があるかどうか、ということです。

現在の動作を自分でテストしてみてください。Cloudflare の背後にあるサイトで「ホットリンク保護」を有効にすると、Discourse が依然としてワンボックスのメイン画像をダウンロードしていることがわかります…

They will as long as they are in a format your Discourse accepts. The example in OP is using .ico, which is an old format not allowed in Discourse by default. You can add it to the list in your site.

I added .ico to authorized extensions and rebuilt the HTML of a post and while the favicon wasn’t downloaded and served locally straight away it was when I checked it a couple of days later.