More robust URL signing #191

wants to merge 1 commit into


None yet

2 participants


I love Dragonfly, but it's unusable if you have any CDNs or public proxies that do not use query strings. Specifically, Amazon's Cloudfront CDN does not pass query strings through to the origin server, and does not vary the content based on the query string.

To that end, I've rewritten the image signing so that the signature is simply a job step and is thus a part of the base64-encoded portion of the URL. This step is excluded when computing the signature, and validate_sha! looks for a Sig step and compares its first parameter to the job signature.

Specs have been updated accordingly, and pass.

@cheald cheald Rewrite file signing to encode the SHA as a step rather than a query …
…parameter, so that Dragonfly plays nicely with CDNs that don't support querystring variation (Cloudfront)

Hi - actually you can already add it to the url using (in the configuration)

c.url_format = "/blah/:job/:sha"

for example.
Sorry it's not documented better - I'll make a note to add that example to

@markevans markevans closed this May 3, 2012

Hah. Good to know, and now I feel silly for the time invested!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment