Disabling raw mp4/webm links

[Bottiger]

I've decided to disable raw mp4 and webm links. The reason is because someone can use that to grab people's ips.

This isn't possible with images because all the images are proxied through the web server.

If you want to host videos quickly, I'd recommend uploading to streamable or one of the approved sites in the media button.

 

[KinCryos]

The reason is because someone can use that to grab people's ips

huh. didn't even know that was possible. the more you know

I take it that MP4/WEBMs uploaded to Discord are similarly unsafe? (since AFAIK, using raw links was how to link such media hosted there)

 

[Bottiger]

huh. didn't even know that was possible. the more you know

I take it that MP4/WEBMs uploaded to Discord are similarly unsafe (since AFAIK, using raw links was how to link such media hosted there)

No they save the video to their own servers when you upload. I don't know about links though.

 

[KinCryos]

No they save the video to their own servers when you upload. I don't know about links though.

I initially thought as such.

does this mean that the raw option actually allowed users to upload MP4/WEBMs?
or was this just in case someone linked something on a home server and got that exposed to unwanted traffic?
I'm honestly curious about this. is there any official documentation regarding this vulnerability?

 

[Bottiger]

does this mean that the raw option actually allowed users to upload MP4/WEBMs?

No it means that someone could make a video url like http://homeip/video.mp4. And anyone loading that post would send a request to that server and that person could look at his server logs to record ips. Site like youtube can see the same thing too, but the chances they would abuse it is low.

It is just the way websites work.

 

[KinCryos]

ah, essentially the inverse of my second guess

too bad the Discord content in meme threads is also impacted by this. oh well, safety first

 

[san7890]

Never going to recover from this one. I'll work with it though.