Anti-theft chaining is added, and the Gitee picture bed is hung!

Hello everyone, I am Yupi, and something unexpected happened in the past two days: Gitee’s picture bed is useless!

Picture bed: refers to a server that stores pictures to facilitate the display of pictures on the Internet

Last night, more than one friend on the planet posted a message saying that in his website and articles All the pictures turned into Gitee icons? !

#I didn’t understand the truth at the time, so I thought that such a large code open source platform as Gitee could be used? Just asked my friend what's going on:

I think if it is an official problem, then many project documents that use Gitee to make drawings will definitely be affected. So I went to GitHub and searched for a few projects. Sure enough, the icons in many project documents changed to Gitee.

Don’t underestimate the impact of this! On the one hand, there are a lot of jokes. For example, the sponsors of the project in the picture below have all become Gitee:

There are also some authors who attract traffic and reward 2D All codes have turned into Gitee icons, which directly affects the author's income! (It’s been a day and the author hasn’t discovered it yet. Please spread the word~)

Some students’ blogs have become like this. . .

So I went to the Internet for a brief research. Many friends have encountered this problem, so it is probably the official fault.

Then I entered Gitee, found the picture bed warehouse I had built before (a code warehouse specially used to store pictures), found a picture at random, entered the picture viewing page (the path contains blob), and then clicked the original Data view original image:

The image can be opened smoothly by jumping (the address of the original image page does not contain blob):

Then I directly copied the address of the image and refreshed the page, but the image was no longer visible. Press F12 to monitor network requests and find that the image request did not receive a correct response. Instead, a favicon.ico was obtained:

Just take a guess, this ico file Sure enough, it is the Gitee icon!

Then why can the image be displayed by jumping from Gitee's own page to the real image address, but will the address be blocked if accessed directly?

Apparently Gitee added anti-hotlinking to the image. Under normal circumstances, the server will read the Referer from the client's request header and determine whether the referer header is in the whitelist. Decide whether to respond to the image normally or intercept it.

To verify this, let’s do another experiment. First, use the Firefox browser to directly open the real address of the Gitee image. As expected, it cannot be displayed:

Then we find the image request just now in the F12 developer tools, click Edit and resend :

Then add a Referer to the previous request, indicating which page jumps to the target page:

Sure enough, the picture responded successfully:

It seems that Gitee has really added anti-hotlink protection this time, without any prior notice (until I posted it, I didn’t Without notice). Everyone expressed that they were dumbfounded:

Now that what has happened, no matter whether Gitee officially adds anti-hotlinking temporarily or permanently, I do not recommend that everyone continue to use Gitee as a Picture bed (it itself has a 1 M picture size limit). Instead, you should use stable object storage services provided by cloud service vendors such as Qiniu Cloud or Tencent/Alibaba.

For friends who are currently affected by Gitee, you can do the following things:

• Find a new object storage service

• Package and download the code of the Gitee warehouse and upload it completely to the new object storage service (make sure the paths are consistent)

• Use a text editor to prefix the link of the image (gitee.com/xxx) Batch replace with the new storage service link prefix

Oh, it’s troublesome just thinking about it. . . Therefore, if conditions permit, it is recommended that you store the images on your own server (object storage service), which is safer and more secure.

Tutorial recommendation: "Git Tutorial"