Also if say you have image/animation/audio/video link without extension (e.g.: .jpg), you can fool Lemmy using a fragment identifier at the end of URL #.jpg which would usually be used to jump to the fragment id in document. e.g.: https://example.org/image#.jpg
Wowzers that's fancy, I'll have to save that for the future
Now I'm wondering if someone in bad faith could link an tracking image and just rip ip addressees in the background
I guess it depends on if lemmy clients query the link to fetch fetch images or just grab a cached copy of the image from the lemmy instance
Images in comments don't get cached, so absolutely yes. But I mean, public IP + User Agent is like minimum of information anyway. Any website you visit gets it.
The image embed doesn't work. Lemmy supports embedding media only if HTTPS is used. This website is HTTP.
I already fixed it, but I didn't know that! That's really cool!
You can also embed images inside links, by the way (click the button):
[](https://getfirefox.com)Also if say you have image/animation/audio/video link without extension (e.g.: .jpg), you can fool Lemmy using a fragment identifier at the end of URL
#.jpgwhich would usually be used to jump to the fragment id in document. e.g.:https://example.org/image#.jpgWowzers that's fancy, I'll have to save that for the future
Now I'm wondering if someone in bad faith could link an tracking image and just rip ip addressees in the background
I guess it depends on if lemmy clients query the link to fetch fetch images or just grab a cached copy of the image from the lemmy instance
Images in comments don't get cached, so absolutely yes. But I mean, public IP + User Agent is like minimum of information anyway. Any website you visit gets it.
it's not just lemmy; HTTPS websites aren't allowed to serve HTTP content
https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content
Sorry, my bad. And thanks for the info.
No worries, I find the intricacies of protocols like this super interesting 😊