fix: ignore cookies in image cache policy

jetbridge / cdk-nextjs

Deploy a NextJS application using AWS CDK

https://constructs.dev/packages/cdk-nextjs-standalone

Apache License 2.0

273 stars 45 forks source link

fix: ignore cookies in image cache policy #212

Closed jadenv closed 5 months ago

jadenv commented 5 months ago

The value of a cookie would never change how an image is rendered, so cookies should not be included in the image cache policy.

bestickley commented 5 months ago

@jadenv, what happens if the image should be locked behind auth cookie? This property can be overridden, see ...this.props.overrides?.imageCachePolicyProps. Does that work for you?

jadenv commented 5 months ago

@bestickley yep, already using that override property now and its workin!

You do have a fair point about authenticated images. We have never used a pattern like that through the next image component, so I thought of this just to be a bug, but if thats the intention, we can close this :)

bestickley commented 5 months ago

Although I want this construct to be "secure by default", I think the developers will the majority of the time want the behavior you're proposing so I'm going to accept this PR. Thank you!