magento / community-features

Magento Features Development is an initiative that allows community members to join the development of Magento features

Default nginx.conf.sample allows ddos on the image resize module #329

Open indykoning opened 3 years ago

indykoning commented 3 years ago

In the following commit the new image_optimization_parameters option has been added with some new nginx configuration to accompany it. https://github.com/magento/magento2/commit/640cad53009b291334234ccd61ab79f256b43da2#diff-157d2bc558ce473e66e013bb30759e55fe32bc9277626ec1f70bb60bb558296fR144

This configuration accepts any width and any height without checking the source of the request. This makes it possible for someone to write a script to constantly request a new resized image. Other services use a hash that is sent along with a secret mixed in, in order to prevent this: https://docs.imgix.com/setup/securing-images
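The mitigation the report points at (a secret-keyed hash bound to the resize parameters, plus a fixed set of allowed sizes) as an added illustration; this is not Magento's code nor imgix's exact scheme, and the secret, the path and the allowed sizes are constructed sample values.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample secret; a real deployment loads it from configuration.
SECRET = b"example-signing-secret-change-me"

# Sizes the store actually renders. Anything else is refused before any
# resize work starts, so a script cannot force unbounded new variants.
ALLOWED_SIZES = {(100, 100), (240, 300), (480, 600), (960, 1200)}


def canonical(path: str, width: int, height: int) -> str:
    """Canonical string covered by the signature: path plus sorted query."""
    return f"{path}?{urlencode({'height': height, 'width': width})}"


def sign_resize_request(secret: bytes, path: str, width: int, height: int) -> str:
    """Hex HMAC-SHA256 tag binding path, width and height to the secret."""
    msg = canonical(path, width, height).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def build_signed_url(secret: bytes, path: str, width: int, height: int) -> str:
    """URL the storefront emits for one image variant, tag in the 's' parameter."""
    return f"{canonical(path, width, height)}&s={sign_resize_request(secret, path, width, height)}"


def verify_resize_request(secret: bytes, path: str, width: int, height: int, tag: str) -> bool:
    """Accept only an allowed size whose tag matches; compare in constant time."""
    if (width, height) not in ALLOWED_SIZES:
        return False
    expected = sign_resize_request(secret, path, width, height)
    return hmac.compare_digest(expected, tag)


def verify_url(secret: bytes, url: str) -> bool:
    """Check a full request URL as the resize endpoint would receive it."""
    parsed = urlparse(url)
    query = parse_qs(parsed.query)
    try:
        width = int(query["width"][0])
        height = int(query["height"][0])
        tag = query["s"][0]
    except (KeyError, ValueError):
        return False  # unsigned or malformed requests are refused outright
    return verify_resize_request(secret, parsed.path, width, height, tag)


if __name__ == "__main__":
    url = build_signed_url(SECRET, "/media/catalog/product/sample.jpg", 240, 300)
    print(url, verify_url(SECRET, url))
```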

m2-assistant[bot] commented 3 years ago

Hi @indykoning. Thank you for your report. To help us process this issue please make sure that you provided sufficient information.

Please, add a comment to assign the issue: @magento I am working on this