- From: 华 <notifications@github.com>
- Date: Thu, 18 Jan 2024 01:20:46 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 18 January 2024 09:20:52 UTC
From an individual website developer's view, this can effectively address the hotlinking issues. The region where my website's users are located demands expensive server bandwidth, and service providers like Vercel and Cloudflare, which are more cost-effective or even free, cannot offer stable services in that area. When some larger websites unauthorizedly use certain images/videos, the impact on my website is no less than DDoS attacks (pricewise). Nearly every local CDN provider offers anti-hotlinking services based on Referer. However, Referer is no longer accurate enough for long; `referrerpolicy` can easily bypass it, simply blocking empty referers also blocks many legitimate accesses. The `same-site` feature of CORP to a certain extent can address this issue, but often the CDN and the user visiting domain are not the same site, which is not flexible enough. If it were possible to specify the scope of the resources, the adoption rate of CORP would likely be much higher. -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/760#issuecomment-1898092967 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/fetch/issues/760/1898092967@github.com>
Received on Thursday, 18 January 2024 09:20:52 UTC