Embed Notice
HTML Code
Corresponding Notice
- Embed this notice
on-lain ✔ᵛᵉʳᶦᶠᶦᵉᵈ (lain@lain.com)'s status on Saturday, 27-May-2023 03:29:22 JSTon-lain ✔ᵛᵉʳᶦᶠᶦᵉᵈ @NEETzsche @alex the advice was still correct, i just found a separate exploit that wasn't used, apparently. The one I found is fixed by the CSP setting, the more general one that we found in our oembed parser/pleroma-fe is being fixed by a new release we're preparing, but moving the media and proxy to their own domains like alex recommended will also fix both issues.