Closed codexsid closed 1 year ago
This is fixed in version 2.0.0. We have deprecated using the authenticationEndpoint
parameter. Instead, the SDK now introduces a new parameter named authenticator
. This parameter expects an asynchronous function that resolves with an object containing the necessary security parameters i.e signature
, token
, and expire
. For implementation guidance, please see.
Premise
: The constructor ImageKitUppyPlugin gives the option to specifyauthenticationEndpoint
to which it does the HTTP GET call.Ask
: We need to pass the key-value in the header of that xhr call.Reason
: In the absence of the above-asked header key values the auth endpoint is a dummy, and anyone can invoke it to get the credentials from the authentication endpoint.Proposed Solution
To make it generic, for other users; maybe add an optioncustomHeaders
, which expects a standard array of array[[key, value],[key, value]]
This can be done after the open method at https://github.com/imagekit-developer/imagekit-uppy-plugin/blob/master/src/main.js#L143
--
Alternate Solution
: Yes, we can encode the cred and pass them as query-param, but that will be hacky, and users of this module will have to write a custom middleware to use ImageKitUppyPlugin. Which uglifies the codebase hence not preferred.