Julia EvansMar 4

I'm back to thinking about CSRF: why is it useful for sites to be able to embed resources (like <img src="othersite.com/whatever.jpg">) and for the browser to send the user's cookies to the third-party site?

There's "ads" and "tracking" obviously but I feel like there's another actually-useful-to-users reason I'm not thinking of

Show threadDDRMar 4
@b0rk On the old forums, hosting often didn't want to do images... too large? It was handy to be able to link them in from a dedicated hoster, like imagebin or something.
Show threadJulia EvansMar 4
@ddr do you need to send the user's imagebin cookies to do that?
Show threadDDRMar 4
@b0rk Hmm, I think there were some that would only let you see images if you were logged in, but I might be wrong.
Show threadJulia Evans
@ddr that seems very possible!
Mar 4 at 8:08pmWeb