Remote Content, PII and Hotlinking

Hey all, I love the platform, I’m looking for some guidance around controlling remote content locations,

Such as I want to forbid untrusted resources from loading, in an example I could use a jpg this one " " isn’t actually a jpg but all viewers will surrender their IP address and less important, their user agent.

I’d like to only allow uploads of content that is to be rendered, with the exception of some domains such as YouTube or common online storage platforms

Is that at all with the current version of Discourse ? - I’ll be using the forum for internet forensics and it will be perfect for purpose if there is a way to remediate this PII leak on like this and in profile content locations


I used canary tokens to ‘fake’ the jpeg and wrapped it in the markdown for an image

1 Like

We avoid hotlinking by download copies of remote content, the window where people get to have a JPG hotlinked is very small.

That said I am not against having some sort of option on Discourse that allows us to replace images with a “downloading picture” while we are in the process of downloading a hotlinked image.


Hey Sam, Thanks for your time, I can see that the ruby user agent in my logs here, but if someone views my profile I do get the viewers IP, perhaps the fetching/middleware isn’t global to all areas in the app ?

I guess content security policy could fix this short term but at the same time, a crappy UX while they figure out what’s going on haha

thank you for your time and thoughts on this!

As in you hotlinked an image in the about me section?

We should certainly not allow that, I think that is a bug.

1 Like

Hey Sam, that’s correct, in this case I invoke a remote image with the mark down command ![]() - I’m not a power user yet so I’m not sure if there are any other supported ways to invoke remote content but, give it a try, I think I placed mine in my profile’s ‘About me’ space

I think the ‘new user cannot X’ doesn’t apply to this area too.