Closed nkprasad12 closed 3 years ago
This is resolved. Images are saved as:
server@/retrieve_image/[]image name]
and resolved on the client side as
serverOrigin/retrieve_image/[image name]
so changing the image address will only make other clients try to retrieve an image that doesn't exist.
Not a big deal now but a malicious client could easily make everyone fetch arbitrary blobs with the current setup by changing an imageSource