I will update this diff shortly to pass this flag from all of the places where we create files which should be public (canCDN) by default.

In D10054#34, @epriestley wrote:

Here are the places I was able to identify that need the canCDN flag:

• add_macro.php, CLI creation of new image macros.
• All calls in PhabricatorImageTransformer: the rule this will implement is "image thumbnails can always CDN", which I think is reasonable. We do not permit users to choose their thumbnail dimensions arbitrarily, so this can never show you the source file by generating a thumbnail with source dimensions unless the source is very small.
• PhabricatorPeopleProfilePictureController, the Gravatar profile image write and the explicit upload write.
• PhabricatorMacroAudioController, the audio write.
• PhabricatorMacroEditController, both the from-file and from-url writes.
• PhabricatorProjectEditPictureController, the explicit upload write.
• PhabricatorAuthProvider, the profile image write.
• PhabricatorFileComposeController, the write of generated project profile images.

And possibly:

• FileUploadConduitAPIMethod should maybe expose this (and maybe viewPolicy) but we can wait for use cases.

I'm omitting:

• On consideration, let's leave Pholio off the canCDN list for now, since conceivably it could have sensitive stuff in it and the number of actual image requests is very small and it's reasonable to special-case it later and somewhat complicated to get the flag set.
• I'm leaving the write in PhabricatorRemarkupGraphvizBlockInterpreter off for similar reasons.

In general, I've compiled this list by looking for calls to PhabricatorFile::newFromFileData(), PhabricatorFile::newFromPHPUpload(), PhabricatorFile::newFromFileDownload(), PhabricatorFile::newFromXHRUpload(), or PhabricatorFile::buildFromFileDataOrHash() and then calling out the ones that generate a reasonably-public, commonly used file.

(For completeness, @rush898 is tackling the Conduit method in D10164.)