Stealing from Google
Modern frameworks like Next.js and Astro come with their own <Image> component. It’s great — you get optimizations, fewer layout shifts, and better performance for free.

But there’s a catch: anyone can abuse your app to optimize their own images, which costs you compute.

That’s why these frameworks require you to explicitly allowlist remote domains.

In Next.js, that looks like:

import type { NextConfig } from "next";

const nextConfig: NextConfig = {
  images: {
    remotePatterns: [
      {
        protocol: "https",
        h...
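An added example, not code from the original post or from Next.js: a simplified allowlist check showing why a remote image URL should be parsed and matched component by component rather than by substring. The hostnames, the `pathnamePrefix` field and the function names are assumptions made for illustration.

```typescript
type RemotePattern = {
  protocol: "http" | "https";
  hostname: string; // exact host, or "*.example.com" for exactly one subdomain label
  pathnamePrefix?: string; // hypothetical field: required path prefix
};

// Constructed allowlist; the hostnames are placeholders.
const ALLOWED: RemotePattern[] = [
  { protocol: "https", hostname: "images.example.com", pathnamePrefix: "/public/" },
  { protocol: "https", hostname: "*.cdn.example.com" },
];

// Weak form: substring match on the raw string. Passes any URL that merely
// contains an allowed name (in the query string, or as a prefix of another host).
function isAllowedNaive(raw: string): boolean {
  return ALLOWED.some((p) => raw.includes(p.hostname.replace("*.", "")));
}

function hostMatches(pattern: string, host: string): boolean {
  if (!pattern.startsWith("*.")) return host === pattern;
  const suffix = pattern.slice(1); // e.g. ".cdn.example.com"
  if (!host.endsWith(suffix)) return false;
  const label = host.slice(0, -suffix.length);
  return label.length > 0 && !label.includes("."); // one label only
}

// Hardened form: parse first, then compare scheme, host and path separately.
function isAllowed(raw: string): boolean {
  let url: URL;
  try {
    url = new URL(raw); // also normalizes "/../" segments in the path
  } catch {
    return false; // not an absolute URL
  }
  if (url.username || url.password) return false; // no userinfo in image URLs
  return ALLOWED.some(
    (p) =>
      url.protocol === `${p.protocol}:` &&
      hostMatches(p.hostname, url.hostname) &&
      url.pathname.startsWith(p.pathnamePrefix ?? "/"),
  );
}
```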
Read more at taqib.dev