Oneesan succubus on Nostr: I found out how the attack works, it indeed depends on mediaproxy, so if you don't ...
I found out how the attack works. It indeed depends on mediaproxy, so if you don't use it, you are safe.
You are also safe if you add this code to your nginx:
location ~ ^/(media|proxy) {
    add_header Content-Security-Policy "script-src 'none';";
}
Updates and fixes incoming, but this will fix the issue right away. There is a certain aspect of social engineering here; it will not attack you just by you seeing an image inside pleroma-fe.
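To confirm the workaround took effect, the following added example (not part of the original post, and not Pleroma's own code) audits captured response headers for paths matched by the location pattern above and reports any that lack an enforcing policy forbidding scripts. The sample paths and header sets are constructed for illustration; in practice, feed it headers collected from your own instance.

```python
import re

PROTECTED = re.compile(r"^/(media|proxy)")  # same pattern as the nginx location
NO_SOURCES = ([], ["'none'"])               # an empty source list also matches nothing

def parse_policy(policy):
    """Parse one serialized policy into {directive: [sources]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers: the first one wins.
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def effective(directives, name):
    """Resolve the CSP fallback chain: name -> script-src -> default-src."""
    for candidate in (name, "script-src", "default-src"):
        if candidate in directives:
            return [s.lower() for s in directives[candidate]]
    return None  # nothing restricts scripts

def policy_blocks_scripts(policy):
    d = parse_policy(policy)
    return all(effective(d, n) in NO_SOURCES
               for n in ("script-src-elem", "script-src-attr"))

def response_blocks_scripts(headers):
    """headers: list of (name, value) pairs as received."""
    for name, value in headers:
        if name.lower() != "content-security-policy":
            continue  # Content-Security-Policy-Report-Only is not enforced
        # Comma-joined policies are each enforced, so one strict policy suffices.
        if any(policy_blocks_scripts(p) for p in value.split(",")):
            return True
    return False

def audit(responses):
    """Return protected paths whose response does not forbid scripts."""
    return [path for path, headers in responses
            if PROTECTED.match(path) and not response_blocks_scripts(headers)]

# Constructed sample data (hypothetical paths and headers).
SAMPLE = [
    ("/media/a.png", [("Content-Security-Policy", "script-src 'none';")]),
    ("/proxy/b.svg", [("Content-Security-Policy-Report-Only", "script-src 'none'")]),
    ("/media/c.html", [("content-security-policy", "default-src 'self'")]),
    ("/proxy/d.jpg", [("Content-Security-Policy", "default-src 'self', script-src 'none'")]),
    ("/api/v1/instance", []),
]

if __name__ == "__main__":
    print("unprotected:", audit(SAMPLE))
```

Note that nginx's `add_header` only applies to a fixed set of status codes unless the `always` parameter is given, and a location that declares its own `add_header` stops inheriting headers set at the server level, so check error responses and your other security headers as well.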