Cache onebox images and serve them from the main domain

Due to European privacy regulations, it's best to avoid request to third party domains initiated by a website you host. It's hard to achieve compliance with Discourse, as the Onebox feature makes the browser fetch the thumbnail from the original website, making it a third-party request. See the below oneboxed article:

https://www.theregister.com/2022/01/31/website_fine_google_fonts_gdpr/

You can see in the devtools that the image is downloaded from a third party website. As the article also points out, it's a GDPR issue even if the request has no cookies.

Currently I disabled onebox for my instance of Discourse, but I'd love to introduce it back in a way that more strictly respects privacy and isn't opening a way to get a fine



Discuss this on our forum.