pub-dev icon indicating copy to clipboard operation
pub-dev copied to clipboard
verified publisher icon dart-lang

Consider proxying images from the README.md file

Open jonasfj opened this issue 6 years ago • 2 comments

Proxying images from the README.md file displayed on the package page would mitigate user tracking by third-parties.

I'm not sure we need to cache, maybe caching a few minutes would be nice. But I don't think we have to be particularly concerned about third-parties tracking the number of requests, so long as we don't allow attaching cookies or expose the IP of the pub visitor. A proxy should probably only proxy URLs from our markdown, not arbitrary URLs from query-string.

Note. embedding images is useful for screenshots, etc.

Credits @sortie for suggesting this might be undesirable.

jonasfj avatar Sep 26 '19 14:09 jonasfj

Wouldn't this expose us to further copyright and content hosting risk? Or will it be roughly the same?

isoos avatar Sep 26 '19 14:09 isoos

Content hosting is a risk. Which is why we need to put it on a different domain.

jonasfj avatar Sep 30 '19 15:09 jonasfj