secure/signed URL support #276
Labels
enhancement
New feature or request
Comments
|
Here's ImageKit's signed URL documentation, for your consideration: |
|
Glide signed URL documentation: https://glide.thephpleague.com/2.0/config/security/ |
|
@pi0, is it possible to call signed url through Nuxt Image with Imagekit set as provider ? |
|
@pi0 @danielroe, has there been any recent progress on this issue? |
Draft
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Some providers like imgix (https://docs.imgix.com/setup/securing-images) or Cloudinary (https://cloudinary.com/documentation/control_access_to_media) support signing URLs to disallow an attacker generating an unlimited amount of URLs causing downtimes, unprivileged access, resource abuse, etc.
To properly supporting this, we need a server only mechanism that can sign URLs (if exposing tokens to the client-side, an attacker can still access them to sign!). This can be possible with a serverMiddleware or server-only plugin/runtimeConfig (example idea: #205 (comment)). And introducing new set of usage limitations. (thus needs discussion before trying to implement)
The text was updated successfully, but these errors were encountered: