GET /api/session/<session_id>/sample/<sample_number>/thumbnail.{ext} always returns a thumbnail for the sample if available.
The sample can't be mutated on storage to contain thumbnailUrl if it has imageUrl. because the server does not know it's own address. But this would be convenient if the server knew it's address.
This proposed implementation, with a proxied image, has a proxy security vulnerability issue that could be abused on a public server. Not to mention the process of creating the thumbnail would require some processing.
Image thumbnails can be delivered by the server.
Recommendation:
GET /api/session/<session_id>/sample/<sample_number>/thumbnail.{ext}always returns a thumbnail for the sample if available.The sample can't be mutated on storage to contain
thumbnailUrlif it hasimageUrl. because the server does not know it's own address. But this would be convenient if the server knew it's address.This proposed implementation, with a proxied image, has a proxy security vulnerability issue that could be abused on a public server. Not to mention the process of creating the thumbnail would require some processing.