-
Notifications
You must be signed in to change notification settings - Fork 274
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
secure/signed URL support #276
Labels
enhancement
New feature or request
Comments
Here's ImageKit's signed URL documentation, for your consideration: |
Glide signed URL documentation: https://glide.thephpleague.com/2.0/config/security/ |
@pi0, is it possible to call signed url through Nuxt Image with Imagekit set as provider ? |
@pi0 @danielroe, has there been any recent progress on this issue? |
Draft
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Some providers like imgix (https://docs.imgix.com/setup/securing-images) or Cloudinary (https://cloudinary.com/documentation/control_access_to_media) support signing URLs to disallow an attacker generating an unlimited amount of URLs causing downtimes, unprivileged access, resource abuse, etc.
To properly supporting this, we need a server only mechanism that can sign URLs (if exposing tokens to the client-side, an attacker can still access them to sign!). This can be possible with a serverMiddleware or server-only plugin/runtimeConfig (example idea: #205 (comment)). And introducing new set of usage limitations. (thus needs discussion before trying to implement)
The text was updated successfully, but these errors were encountered: