Closed frederickfogerty closed 2 years ago
Current dependencies on/for this PR:
This comment was auto-generated by Graphite.
@frederickfogerty I just realized that this change is probably not compatible with URL signing as it relies on the path being sanitized/encoded first.
@frederickfogerty I just realized that this change is probably not compatible with URL signing as it relies on the path being sanitized/encoded first.
I'm not sure I'm quite picking up what you're putting down here. What are the implications of this? Does this mean that URL signing can't be used with already encoded URLs?
@sherwinski I made the trailing slash fix/update here, btw
@sherwinski just wanted to follow up here if there was any more information about this issue
@frederickfogerty I haven't had chance to dig in more but I should have more time today to build out an example that confirms/denies my suspicion. I'll follow up
Does this mean that URL signing can't be used with already encoded URLs?
Yeah I'm saying it won't work unless the URL is encoded exactly as we would during the sanitizing step. To me that just seems like a bit of smell since from a user's perspective, it might not be that apparent that path encoding and URL signing are that tightly coupled.
For example, this test will fail (the expected
value includes the signature if path encoding were true):
const client = new ImgixClient({
domain: 'sdk-test.imgix.net',
includeLibraryParam: false,
secureURLToken: 'abc123',
});
const actual = client.buildURL(
'/file+with%20some+crazy?things.jpg',
{
w: 100,
},
{
disablePathEncoding: true,
},
);
const expected =
'https://sdk-test.imgix.net/file%2Bwith%2520some%2Bcrazy%3Fthings.jpg?w=100&s=0c4068b0df31a8a8b67dd79247063939';
assert.strictEqual(actual, expected);
Not sure if the best path here is to document this as a caveat or throw a warning if users attempt to sign a URL while also disabling the encoding step.
:tada: This PR is included in version 3.5.0 :tada:
The release is available on:
Your semantic-release bot :package::rocket:
Before this PR, this library would encode all paths passed to either
buildURL
orbuildSrcSet
. This was a great default in a lot of scenarios, but this proved to be irritating when integrating with some data sources that provided already encoded URL paths. Thus, this PR allows this path encoding behavior to be disabled in theoptions
parameter for both methods.