Images for events are intended to be stable URLs that resolve to a PNG or JPEG image; but there is no verification. While it was intended to be a decent solution allowing dynamic media to be referenced, it appears this usage is not implicit and officers are linking media that is impossible for browsers to resolve properly.
For example
https://drive.google.com/file/d/1XsOSfLbvJ1Z-RlByTvnMxPlR785qu2G5/viewhttps://acmutsa.notion.site/All-Logos-41efcfae57324beb816f136c0756b16a#5e9b9c427ae64d849ad0f0d468a20ce4
These URLs are pages - they won't resolve. Browsers won't HTTPS images back. Even worse, I believe if the officers had done it properly (gotten a valid Content-Type returned), the image used may have been unstable; temporary. And not resolve after days or even hours.
For now, before proper media upload is implemented, a verification process needs to be created. This process needs to be server-side to eliminate potential errors from locally available images (localhost, intranet).
The check should make sure of the following, and return the reason (if any) for failure:
- Content Type is jpeg, png (use mime-types, headers)
- Maximum size (<= 1536 KB)
- The URL must be HTTPS
Potential other checks:
- Responds to HEAD requests
- Responds well to referred requests (emulate headers used by a browser, to eliminate bad URLs protected by hotlink protection/zone referrers)
- Multi-request matrix
- Ends with an expected suffix
- Comes from an expected domain (
*.google.com, *.imgur.com).
- Within a certain aspect ratio range (1/3 to 3/1)
- Minimum size (>= 10KB)
- Minimum resolution (
W > 100 && H > 80)
Images for events are intended to be stable URLs that resolve to a PNG or JPEG image; but there is no verification. While it was intended to be a decent solution allowing dynamic media to be referenced, it appears this usage is not implicit and officers are linking media that is impossible for browsers to resolve properly.
For example
https://drive.google.com/file/d/1XsOSfLbvJ1Z-RlByTvnMxPlR785qu2G5/viewhttps://acmutsa.notion.site/All-Logos-41efcfae57324beb816f136c0756b16a#5e9b9c427ae64d849ad0f0d468a20ce4These URLs are pages - they won't resolve. Browsers won't HTTPS images back. Even worse, I believe if the officers had done it properly (gotten a valid Content-Type returned), the image used may have been unstable; temporary. And not resolve after days or even hours.
For now, before proper media upload is implemented, a verification process needs to be created. This process needs to be server-side to eliminate potential errors from locally available images (localhost, intranet).
The check should make sure of the following, and return the reason (if any) for failure:
Potential other checks:
*.google.com,*.imgur.com).W > 100 && H > 80)