Remote Icons #107
Remote Icons #107
Conversation
…rk into feat/remote-icon
|
That's a lot of commits! We'll have to do some triage on this one, as I don't significantly like extensions relying on remote sources. My main concern is admin's IPs (and other request info) being exposed to external servers. |
|
Hmm. Yeah, that's fair. I know services like PayPal have a "secureimages" type thing that's just a proxy, I wonder if we could do something similar here |
As far as I know, Blueprint will throw a |
|
Your implementation looks really promising though! I'm going over some of your commits right now and it seems like you accounted for pretty much every edge-case I can think of. |
|
Another idea, one of my previous ideas was download the icon from the remote url when you install the addon instead of just embedding it, that could also work |
That's probably a better approach to this, since that'd make Blueprint just proxy the image, which is good. You could theoretically also make an image proxy in PHP, although I'm not sure how slow the images load in that case. |
Lemme do some experimentation shenanigans real quick |
Feat/remote icon schenanigans
|
@prplwtf, this should be a reasonable take at it. Image speed seemed to be fine, and even then it's only fetched once every 24h |
|
I did unfortunately have to make another method for |
Allow for extension developers to use HTTP(s) links for their icons instead of directly including them.
Upon installing an extension, the previous action was just if it doesn't exist on the filesystem, reject it altogether. This changes it, so if it starts with
http, it can pass.If a link passes through that barrier, the installer will check if it ends with one of the supported filetypes (those being
svg,png,gif,jpeg,webp, andjpg. If it doesn't, it uses one of the default icons, otherwise it uses that remote url AS the icon.