Ensure CDN images are only served to CORs defined urls, or at least provide a setting to allow/deny, which is a common feature of most CDNs.
Additional context
We're now in a situation where we're going to have to pay for resources we haven't used ourselves. I've seen other enquiries about this issue but can't find any kind of resolution anywhere. We'd really love some measures to deal with this kind of asset abuse.
Describe the bug
A very popular South Korean blog has hotlinked a few of our images, our usage quota has subsequently gone through the roof.
To Reproduce
Copy any old CDN link to an image and paste it into your code.
Expected behavior
Ensure CDN images are only served to CORs defined urls, or at least provide a setting to allow/deny, which is a common feature of most CDNs.
Additional context
We're now in a situation where we're going to have to pay for resources we haven't used ourselves. I've seen other enquiries about this issue but can't find any kind of resolution anywhere. We'd really love some measures to deal with this kind of asset abuse.
Here's an example of a request from our logs...
The post in question doesn't appear to have the image displayed anywhere, it's not in the source, but these logs are from yesterday.
Thanks!