-
Hi, I'm recently changing from thumbor user to imgproxy. Here are some questions of signing the url.
|
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 5 replies
-
Hey!
|
Beta Was this translation helpful? Give feedback.
-
Hello, |
Beta Was this translation helpful? Give feedback.
-
Hey @jburgyan! I don't really see a reason to argue here. Security measures are a matter of consideration and it's always a compromise. The more security measures you apply, the less flexibility you have. We provide some ways to secure your installations of imgproxy yet their usage is completely up to you. As I said earlier, frontend is an insecure environment: everything you can do on frontend, everyone can do. So if you allow your frontend to generate imgproxy URLs, then anyone can generate URLs for your imgproxy installation and use it for their needs. URL signature is the only way to completely prevent usage of your imgproxy by third parties. Yet there are some configs like |
Beta Was this translation helpful? Give feedback.
Hey!
IMGPROXY_ONLY_PRESETS
+IMGPROXY_ALLOWED_SOURCES
to somehow secure your imgproxy, but it's less secure than using signatures anyway.