- Prior to T5685, files were protected by unguessable secrets in URIs.
- This is the standard method used by Facebook, Google, etc. However, it means that knowing a URL allows you to view the file data, and created a hypothetical risk where leaking, say, an access log might also leak valid URIs.
- This was unacceptable to WMF, and in T5685 we changed this behavior to issue and require one-time use tokens to view files.
- Uncachable images which require a one-time-token handshake to view cause performance problems essentially everywhere that we load file content.
- UIs where the user might want to page back and forth between images (like Pholio and Lightboxes) are particularly crippled.
Some particular issues:
- You can no longer share files by sharing the URLs (T6007).
- Lightboxes and Pholio suffer crippling performance penalties (T9377, T8359).
- All images in all applications are negatively impacted (T10261).
- As of ~6 months ago, Safari flips out on thumbnails in comment previews and they're reduced to flickery messes.
- Images can not be referenced in email (T9896).