It seems you were right in the assumption that something had changed on our side. The team has disabled the use of SVGs with the Imgix platform because of security vulnerabilities with SVGs, in that they can be injected with JS and because the imgix parameters have no effect on SVGs. So now SVGs are treated as files rather than images and this is why the come from the amazon servers.
The Dev Team thought this change wouldn’t cause any breaks. This is why they didn’t talk to us on the Education Team about this change for us to inform our users, but they didn’t imagine the use case of people currently with SVGs and query params. So in the words of The Captain from Cool Hand Luke “What we’ve got here is failure to communicate”.
I realise this causes a huge headache for you and other users. We are trying to perform checks to see how many users may have been affected. I can only apologise about this and promise that we are putting in place processes so that this doesn’t happen again.
What does this mean for you in practical terms?
For any pages that were using SVGs, which you want to update, you will need either replace your SVGs with another image format or create a workaround in your web application which checks for a
? character in the URL string and does not apply query params based off of that.
I know the sucks and I can only apologise again.
We’re are going to release a communication about this change today and update our documentation. I realise it’s too little, but I we are working hard to make sure something like this doesn’t happen again.
Let me know if you have any further questions about this.