Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Github image without camo

Tags:

github

I have a self-hosted SonarQube instance, behind a proxy.

I want to include the badges on my private GitHub repo's readme.md. This repo is only accessed by individuals behind the proxy so they won't have issues viewing the images.

However, GitHub is converting them to URLs like https://camo.githubusercontent.com/blahblahblah. These all render as broken images, checking the console camo.githubusercontent.com is returning 404s for my images, presumably because camo can't see the images.

I understand Github does this for reasons of anonymity and caching but it's quite annoying. Searching online reveals a lot of frustration with GitHubs behaviour on this but it's mostly aimed at their excessive caching and the solution seems to be setting headers by the image provider. However, we don't want to expose the images to camo.githubusercontent.com or anyone else.

I have tried adding images using markdown format and <img src=""> but no dice.

How can we get GitHub to serve images that GitHub can't see, but the client can?

like image 995
mattumotu Avatar asked Sep 09 '19 15:09

mattumotu

1 Answers

Any image that would render in a GitHub README.md file (or other rendered HTML format) will be rendered using camo. There are several reasons for this. One is performance: GitHub serves a lot of users, and page load times would be bad if they didn't. Another is privacy: letting repo owners embed tracking images would be unacceptable. And finally, there's the DDoS angle: hosting images externally permits a malicious repository owner with a reasonably popular repository to DDoS any site they choose simply by loading one of its images.

There isn't a way to disable camo because it's built into the rendering pipeline. It isn't specific to Markdown; it will also apply to raw HTML files, AsciiDoc, and anything else that produces HTML. You can provide some sort of dashboard via a link or use links in some other way, or somehow via a data: URL, but otherwise, as far as images go, if it's rendered as part of file content, it's going to go through camo.

Even if you could somehow trick the rendering pipeline into allowing an unproxied image through, the Content-Security-Policy header would prevent it from being rendered in your browser, and your browser would report it as a security violation to GitHub.

like image 147
bk2204 Avatar answered Sep 24 '22 17:09

bk2204
Sign in to Comment

Related questions

Make Git repo public without revealing past commits
Using github to host public git repositories whilst ensuring that sensitive data files remain untracked
How can I get the number of GitHub issues using the GitHub API?
Push Google Colab ipynb to Github?
Test travis-ci script without commit on github
Uploading project to GitHub from Visual Studio 2010
How to push from one bare git repo to another?
Excluding Environment Files from Github Angular 4 Project
Passwords in git tree + Heroku + Github
Importing multiple git repositories into one project in Intellij
Syntax highlighting on GitHub's Wiki: Specifying the programming language
Is it possible to tell Github that my branch was merged into upstream master?
git push only part of a repository
github: How would you delete all commits by a certain username
Deleting merged branch gives "error: The branch X is not fully merged...'
Get a token by Github API
Which is better for GitHub authentication: SSH Key or tokens? [closed]
Pull request on github - showing commits rebased from master
what's the difference between github repository and git bare repository?
Images in a table with GitHub markdown

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!