Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://gleasonator.com/objects/4f60d2eb-3573-4065-9cc6-57cc66ac8814">Alex Gleason (alex@gleasonator.com)'s status on Thursday, 07-Sep-2023 23:46:52 JST</a><a href="https://gleasonator.com/users/alex" title="alex@gleasonator.com"><img src="https://gnusocial.jp/avatar/1712-48-20220726020642.webp" width="48" height="48" alt="Alex Gleason" style="position: absolute; left: 0; top: 0;">Alex Gleason</a><div><a href="https://pl.psion.co/objects/f63ad236-9024-4f4e-af2b-080b9b065093" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/102497" title="3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d@mostr.pub">fiatjaf</a></li></ul></div></section><article><a href="https://pl.psion.co/users/parker">@parker</a> <a href="https://mostr.pub/users/3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d">@3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d</a> After thinking more, the main issue I see with serving media over an IPFS gateway is the content-type header. The gateway tries to guess, and it could return application/javascript. Of course serving on a subdomain with CSP solves it, but it's not layered security. Need to solve that.</article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2034484#notice-3993214">In conversation</a><time datetime="2023-09-07T23:46:52+09:00" title="Thursday, 07-Sep-2023 23:46:52 JST">about a year ago</time> <span>from <span><a href="https://gleasonator.com/objects/4f60d2eb-3573-4065-9cc6-57cc66ac8814" rel="external" title="Sent from gleasonator.com via ActivityPub">gleasonator.com</a></span></span><a href="https://gleasonator.com/objects/4f60d2eb-3573-4065-9cc6-57cc66ac8814">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Thursday, 07-Sep-2023 23:46:52 JSTAlex Gleason
in reply to
- Parker Banks
- fiatjaf
@parker @3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d After thinking more, the main issue I see with serving media over an IPFS gateway is the content-type header. The gateway tries to guess, and it could return application/javascript. Of course serving on a subdomain with CSP solves it, but it's not layered security. Need to solve that.
In conversationabout a year ago from gleasonator.compermalink

Public

Embed Notice

HTML Code

Corresponding Notice