Thumbnail API should not allow arbitrary sizes

[landreev]

Our thumbnail generating API will take any arbitrary number and re-scale an image to that size (horizontally; preserving the original pixel ratio).

For some reason, there is an old, and still open issue #5679 which appears to request that "We should add the ability to specify the thumbnail size in the API". Did we forget to close it? Our API does allow arbitrary thumbnail sizes, and that's a problem. There are also open issues where people are specifically asking for higher res./larger thumbnails on various pages. Not to worry, that by itself is not a problem. If people want to have larger thumbnails in the new UI than the current 64 px., sure, why not. But there is no need for the API to accept literally any number that is passed to it.

Maybe it should only allow the few standard sizes that are used by the known pages, plus any sizes specifically configured by the instance admins. But at the very, very least there should be a hard upper size limit. For the larger previews on the current dataset and file pages we scale to 400 px in width. That seems like a sensible max. size to me (but maybe should be configurable as well). But there is absolutely never a good reason to allow to scale an already large image to an even larger size.

[qqmyers]

+1 for configurable - since thumbnails are public, there could be concern that 400px thumbs leak info from restricted files.

[pdurbin]

For some reason, there is an old, and still open issue #5679 which appears to request that "We should add the ability to specify the thumbnail size in the API". Did we forget to close it? Our API does allow arbitrary thumbnail sizes, and that's a problem.

That other issue is about thumbnails/logos for datasets.

[landreev]

@pdurbin - got it, thanks.