All web based frontend SDKs depends on imagekit-javascript SDK for core functionality i.e. URL generation and upload file. Currently SDK is responsible for calling authenticationEndpoint to get necessary security parameters (signature + token) for the upload request. However this results in security issue as there is no way to pass custom header on this request issued by the SDK internally. Related issue in React SDK - https://github.com/imagekit-developer/imagekit-react/issues/101
To resolve this issue, it would be ideal to delegate the responsibility of generating a security parameter to the SDK consumer.
Therefore, to implement these improvements, the following steps should be taken:
Remove the authenticationEndpoint from the SDK initialization process.
Modify the upload function to include the mandatory security parameters: signature, token, and expire.
Once this is done, we can start using latest imagekit-javascript SDK in all web based frontend SDKs.
imagekitio
commented
1 year ago
All web based frontend SDKs depends on
imagekit-javascriptSDK for core functionality i.e. URL generation and upload file. Currently SDK is responsible for callingauthenticationEndpointto get necessary security parameters (signature + token) for the upload request. However this results in security issue as there is no way to pass custom header on this request issued by the SDK internally. Related issue in React SDK - https://github.com/imagekit-developer/imagekit-react/issues/101To resolve this issue, it would be ideal to delegate the responsibility of generating a security parameter to the SDK consumer.
Therefore, to implement these improvements, the following steps should be taken:
authenticationEndpointfrom the SDK initialization process.signature,token, andexpire.Once this is done, we can start using latest
imagekit-javascriptSDK in all web based frontend SDKs.