bajax on Nostr: :grey_cat_roll: grumbulon Nekobit God's Silliest Soldier wafu ...
:grey_cat_roll: (npub1pnp…52zw) grumbulon (npub1m7p…0szf) Nekobit (npub1q3k…q3wu) God's Silliest Soldier (npub10pg…xu2f) wafu :Libbie_dance:❤️:wafumelon_rotate: (npub1yua…c3d4) OK, I have to back up and explain a bunch of shit about how attachments are handled on the fediverse to explain it, but I’ll keep it short…
In order for the file to execute, it needs to be on the same domain the victim is browsing from– if you accidentally load from sleepy.cafe a payload targeted at seal.cafe, it won’t work. Browser security measures prevent it.
What media proxy does is take attachments and serve them from the site you’re browsing from, as if all the attachments come from the same server. This makes it faster in some cases and prevents telling other sites which of your users are looking at which files. BUT– if sleepy.cafe was running media proxy, an attack targeted at seal.cafe users might in theory work, because it makes all attached files appear to come from the domain you’re browsing on.
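An added example, not part of the original post or of any fediverse server's code: it shows how the browser's origin comparison changes once an attachment URL is rewritten through a media proxy, and which response headers keep a proxied file from running as the instance's own content. The hostnames come from the post; the `/proxy/` path layout, the function names and the header values are assumptions made for illustration.

```javascript
// Added example. Hostnames come from the post; the /proxy/ path layout,
// function names and all header values are constructed assumptions.
const SCRIPTABLE = new Set(["text/html", "application/xhtml+xml",
  "image/svg+xml", "text/xml", "application/xml"]);

// Browser rule: same origin means scheme, host and port all match.
function sameOrigin(pageUrl, resourceUrl) {
  return new URL(pageUrl).origin === new URL(resourceUrl, pageUrl).origin;
}

// Hypothetical media proxy rewrite: the remote file is re-served locally.
function proxied(instanceOrigin, remoteUrl) {
  return `${instanceOrigin}/proxy/${encodeURIComponent(remoteUrl)}`;
}

// Classify one attachment response as seen from the page the user is on.
function assess(pageUrl, resourceUrl, headers) {
  if (!sameOrigin(pageUrl, resourceUrl)) return "isolated";
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const type = (h["content-type"] || "").split(";")[0].trim().toLowerCase();
  const nosniff = (h["x-content-type-options"] || "").trim().toLowerCase() === "nosniff";
  const sandboxed = /(^|;)\s*sandbox\b/i.test(h["content-security-policy"] || "");
  const download = /^\s*attachment\b/i.test(h["content-disposition"] || "");
  // A missing type without nosniff may be sniffed into a scriptable one.
  const scriptable = SCRIPTABLE.has(type) || (type === "" && !nosniff);
  if (scriptable && !sandboxed && !download) return "executes-in-origin";
  return nosniff ? "ok" : "needs-hardening";
}

// Constructed sample: a user on sleepy.cafe viewing a file hosted on seal.cafe.
const page = "https://sleepy.cafe/notice/1";
const remote = "https://seal.cafe/media/example.svg";
const bare = { "Content-Type": "image/svg+xml" };
const hardened = { ...bare, "X-Content-Type-Options": "nosniff",
  "Content-Security-Policy": "sandbox", "Content-Disposition": "attachment" };

console.log("direct:", assess(page, remote, bare));
console.log("proxied:", assess(page, proxied("https://sleepy.cafe", remote), bare));
console.log("proxied+headers:", assess(page, proxied("https://sleepy.cafe", remote), hardened));
```

Serving proxied media from a separate hostname has the same effect as the first case: the file never shares an origin with the instance's pages.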