Open pi0 opened 3 years ago
Here's ImageKit's signed URL documentation, for your consideration: https://docs.imagekit.io/features/security/signed-urls#generating-signed-urls-on-your-own
Glide signed URL documentation: https://glide.thephpleague.com/2.0/config/security/
@pi0 Why the need to wait for Nuxt 3 as you stated in #385? What are the usage limitations you mention?
@pi0, is it possible to call signed url through Nuxt Image with Imagekit set as provider ?
@pi0 @danielroe, has there been any recent progress on this issue?
Some providers like imgix (https://docs.imgix.com/setup/securing-images) or Cloudinary (https://cloudinary.com/documentation/control_access_to_media) support signing URLs to disallow an attacker generating an unlimited amount of URLs causing downtimes, unprivileged access, resource abuse, etc.
To properly supporting this, we need a server only mechanism that can sign URLs (if exposing tokens to the client-side, an attacker can still access them to sign!). This can be possible with a serverMiddleware or server-only plugin/runtimeConfig (example idea: https://github.com/nuxt/image/pull/205#issuecomment-817114276). And introducing new set of usage limitations. (thus needs discussion before trying to implement)