-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
URL Support ala thumbor #7
Comments
Heck yeah, please do @aphillipo! Let me know if I can do anything to help 😀 |
|
@aphillipo I was thinking about this some more. Are you sure this is something that would impact us? One of the decision I made that deviate from Thumbor/Dragonfly was the use of pre-defined and configured formats. My reasoning for that decision was to a) avoid people requesting whatever they wanted (as outlined in your link) and b) to keep urls simple, readable, and short. |
Okay so following that maybe the config can include a list of domains/paths that we allow you to load an image from; for example cdns or s3 etc. and obviously that'll do away with the need for signing. We'd need to make sure that query strings are filtered otherwise you might be able to make an infinite number of the same image. |
That makes sense @aphillipo, good thinking 👍 |
How are things coming @aphillipo? Do you want me to jump into this? |
Hmmm. Thanks for the heads up, it'd be good if you do it because I'm so busy right now. I think we should have a discussion about caching the output. Are you sure you don't want it in there? Be cool to have an on filesystem cache and s3 cache? |
Hi Doomspork,
I might take a look at signing and url support ala thumbor? https://github.com/thumbor/thumbor/wiki/Security
Obviously we'll just keep the predefined generation profiles and generate a signature on them and the url.
Thoughts?
The text was updated successfully, but these errors were encountered: