Camo is all about making insecure assets look secure. This is an SSL image proxy to prevent mixed content warnings on secure pages served from GitHub.
We want to allow people to keep embedding images in comments/issues/READMEs/google charting.
Using a shared key, proxy URLs are signed with an HMAC so we can bust caches, ban, or rate limit if needed.
- Proxy remote images with a content-type of
- Proxy images under 5 MB
- Proxy google charts
- 404s for anything other than a 200 or 304 HTTP response
- Disallows proxying to private IP ranges
At GitHub we render markdown and replace all of the src attributes on the img tags with the appropriate URL to hit the proxies. There's example code for creating URLs in the tests.
Camo supports two distinct URL formats:
<digest> is a 40 character hex encoded HMAC digest generated with a shared secret key and the unescaped <image-url> value. The <image-url> is the absolute URL locating an image. In either format, the <image-url> should be URL escaped aggressively to ensure the original value isn't mangled in transit.
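The digest rule above (HMAC over the unescaped URL, escaping applied only for transit), as an added example that is not Camo's own code. HMAC-SHA1 is assumed from the 40 character hex length; the function names, key and image URL are constructed for illustration, and the URL path layout is deliberately left out.

```javascript
// Added example, not Camo's own code. SHA-1 is an assumption inferred from the
// 40-hex-character digest; SAMPLE_KEY and SAMPLE_URL are constructed values.
const crypto = require('crypto');

// The digest covers the UNESCAPED image URL, keyed with the shared secret.
function camoDigest(sharedKey, imageUrl) {
  return crypto.createHmac('sha1', sharedKey).update(imageUrl, 'utf8').digest('hex');
}

// Rendering side: compute the digest first, then escape the URL for transit.
function signImageUrl(sharedKey, imageUrl) {
  return {
    digest: camoDigest(sharedKey, imageUrl),
    escapedUrl: encodeURIComponent(imageUrl),
  };
}

// Proxy side: returns the image URL if the digest matches, otherwise null.
function verifyRequest(sharedKey, digest, escapedUrl) {
  // Reject anything that is not exactly 40 lowercase hex characters.
  if (typeof digest !== 'string' || !/^[0-9a-f]{40}$/.test(digest)) return null;
  let imageUrl;
  try {
    imageUrl = decodeURIComponent(escapedUrl); // undo transit escaping first
  } catch (e) {
    return null; // malformed percent-encoding
  }
  const expected = Buffer.from(camoDigest(sharedKey, imageUrl), 'hex');
  const supplied = Buffer.from(digest, 'hex');
  // Both buffers are 20 bytes here; compare in constant time so the check
  // does not leak how many leading bytes of a guessed digest were correct.
  return crypto.timingSafeEqual(expected, supplied) ? imageUrl : null;
}

const SAMPLE_KEY = 'constructed-sample-key';
const SAMPLE_URL = 'http://images.example.com/a b/logo.png?size=2&v=1';
```

Signing the escaped form instead of the unescaped one produces a different digest, which is the usual cause of a valid-looking URL being rejected by the proxy.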
% coffee server.coffee
To see the full URL restclient is hitting, etc., try this.
% RESTCLIENT_LOG=stdout rake
You can see an example god config here.
% coffee -c server.coffee
% /usr/bin/env PORT=9090 CAMO_KEY="<my application key>" node server.js