Closed swickr closed 7 years ago
Some Micropub endpoints don't store files themselves at all, and instead use external storage such as S3 for all assets, even ones that were received via a Micropub file upload. In these cases, the Micropub server ends up storing just a URL to the asset, and the URL is rendered in the post when it's displayed. The intent with accepting URL values as well as file uploads is to allow more flexibility in how files are handled in general.
I've added a section to the security & privacy section describing this. https://micropub.net/draft/#external-content
Does this address the issue? Thanks!
looks good to me
On today's call, the WG resolved to accept this text as a resolution for this issue. https://socialwg.indiewebcamp.com/irc/social/2017-04-11#t1491924421892
Sufficient for this pass. Thanks.
Section 3.3.1 Uploading Files has two sentences that do not seem consistent:
If the endpoint MUST treat the property as if the file had been uploaded directly then (presuming it doesn't simply ignore the content) what other option does it have than to download the content from that URL?
Irrespective of whether the MAY should be SHOULD, Section 6.1 Security and Privacy is incomplete in that it does not mention considerations for an endpoint when it fetches an arbitrary URL presented to it in lieu of uploading a file. At least a note about defensive measures is warranted.