Open tasiotas opened 1 year ago
Hi,
Have you thought about some protection from bad actors modifying url so that each request will trigger new transformation? Its pretty easy to loop over few parameters in the url and get unique requests that caching wont catch.
Here is a good read, https://imagekit.io/blog/reduce-unauthorised-use-image-urls/
Hash sounds like a good idea. Include precomputed hash in the url, that will be checked for validity before performing transformation.
Thank you
Regarding the issue of image abuse, you can track this ISSUE if the provider is the default 'ipx'.
https://github.com/unjs/ipx/issues/45
Hi,
Have you thought about some protection from bad actors modifying url so that each request will trigger new transformation? Its pretty easy to loop over few parameters in the url and get unique requests that caching wont catch.
Here is a good read, https://imagekit.io/blog/reduce-unauthorised-use-image-urls/
Hash sounds like a good idea. Include precomputed hash in the url, that will be checked for validity before performing transformation.
Thank you