You're right, it wouldn't be a problem because the local node would have all the files locally, and the URLs would all point to the local http gateway instead of an actual ipfs URI (we'd include the cid in API responses so you could resolve over ipfs if you wanted to, tho). Users could also choose to disable remote ipfs lookups in the gateway for security/bandwidth reasons, but in the ideal end state we wouldn't even need a media proxy because the local gateway could resolve remote content.
@Alex Gleason @fiatjaf I suppose I could make my own pseudo-CDN with several IPFS nodes then? Plus there's the Cloudflare IPFS Gateway Cache (for those who don't mind cloudflare).
After thinking more, the main issue I see with serving media over an IPFS gateway is the content-type header. The gateway tries to guess, and it could return application/javascript. Of course serving on a subdomain with CSP solves it, but it's not layered security. Need to solve that.
Good news, the default IPFS gateway returns `Content-Type: text/plain; charset=utf-8` for javascript files, even if they end with a `.js` extension. Same isn't true for SVG, though.