Encrypting source URL (and filters) #1618
Labels
Comments
|
Hello, I've written a fully encrypted Thumbor-crypto handler by pycryptodome library. Url seems like this: http://127.0.0.1:8888/320x320/media/some-image-1094090107.jpg?tKLJtnWvsPqLJIi_fjBg0oDsK51zfGwWUBYHKf_5MREiG_MdLf4qHl_db2kYIaiY3f8E7DxlauwqqVbkw7SyBHHt9NkE Currently, I use it for my project. If there is interest, I will write documentation on how to use it. |
|
this will be a nice feature preventing misuse of the source image URL. |
|
I think you can resolve by nginx rewrite |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I have a valid Thumbor URL that works: https://thumbor.arvutitark.ee/xIPGHvXZ8VkGc8JPgCW0SqQ_imI=/trim/fit-in/800x800/filters:format(webp)/https%3A%2F%2Fstorage.googleapis.com%2Farvutitark-prod%2Fpublic%2Fmedia-hub-olev%2F2022%2F11%2F251940%2Forigina.jpg
Can the source URL be hidden by using the same
SECURITY_KEYfor encryption? So the URL would be smth like this instead: https://thumbor.arvutitark.ee/xIPGHvXZ8VkGc8JPgCW0SqQ_imI=/trim/fit-in/800x800/filters:format(webp)/xxxxxxxxxxx, where xxxxxxxxxxx is encrypted. Or even the entire path after the hash could be encrypted: https://thumbor.arvutitark.ee/xIPGHvXZ8VkGc8JPgCW0SqQ_imI=/xxxxxxxxxxx.The text was updated successfully, but these errors were encountered: