XenForo blindly assumes that all avatars are JPEGs when constructing the URL, despite the fact that GIFs and PNGs (and potentially other future image formats) can be stored for various avatar sizes.
One consequence of this is that the html header "X-Content-Type-Options=nosniff" cannot be used on the entire site.
Code:
    protected static function _getCustomAvatarUrl(array $user, $size)
    {
        $group = floor($user['user_id'] / 1000);
        return XenForo_Application::$externalDataUrl . "/avatars/$size/$group/$user[user_id].jpg?$user[avatar_date]";
    }
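A way to measure how many stored avatars are affected by the mismatch described in the post, as an added example that is not part of the original post or of XenForo's code. It assumes the web server derives Content-Type from the file extension and that avatars live under `avatars/$size/$group/`; the function names, the size directory `l` and the sample files are constructed for illustration.

```php
<?php
// Added example (not XenForo code): find stored avatars whose real image
// type differs from the .jpg extension used in their URL.

// Map leading magic bytes to the MIME type a browser would need.
function detectImageMime(string $head): ?string
{
    if (strncmp($head, "\xFF\xD8\xFF", 3) === 0) {
        return 'image/jpeg';
    }
    if (strncmp($head, "\x89PNG\r\n\x1a\n", 8) === 0) {
        return 'image/png';
    }
    if (strncmp($head, 'GIF87a', 6) === 0 || strncmp($head, 'GIF89a', 6) === 0) {
        return 'image/gif';
    }
    return null; // unknown or not an image
}

// Return [path => detected type] for every *.jpg file that is not a JPEG.
function findMismatchedAvatars(string $avatarRoot): array
{
    $mismatches = [];
    $iter = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($avatarRoot, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($iter as $file) {
        if (!$file->isFile() || strtolower($file->getExtension()) !== 'jpg') {
            continue;
        }
        $head = (string) file_get_contents($file->getPathname(), false, null, 0, 8);
        $mime = detectImageMime($head);
        if ($mime !== 'image/jpeg') {
            $mismatches[$file->getPathname()] = $mime ?? 'unknown';
        }
    }
    return $mismatches;
}

// Constructed sample data: a GIF and a JPEG header, both saved as .jpg.
$root = sys_get_temp_dir() . '/avatar_audit_' . getmypid();
mkdir("$root/l/0", 0700, true);
file_put_contents("$root/l/0/1.jpg", "GIF89a" . str_repeat("\0", 10));
file_put_contents("$root/l/0/2.jpg", "\xFF\xD8\xFF\xE0" . str_repeat("\0", 10));

foreach (findMismatchedAvatars($root) as $path => $mime) {
    echo "$path is served as .jpg but contains $mime\n";
}
```

Only the GIF sample is reported; every file this flags on a real install is one a browser would receive with a declared type that does not match its content once nosniff is enabled.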