Closed simonw closed 2 years ago
Here's how to sign them: https://github.com/imgix/imgix-python/blob/fd81a9159e9f1a3dcd32a79632d7b96f28dcbc2b/imgix/urlhelper.py#L123-L149
I want to embed the URLs in the template for ease of hacking, so I won't use their client library directly.
I'm introducing a new IMGIX_SECRET
environment variable for the secret.
I turned on signed URLs for the Imgix sfms-history
bucket here: https://dashboard.imgix.com/sources/62bea31ce29b088535fe2b6f
Then added the resulting token to Vercel as the IMGIX_SECRET
setting here: https://vercel.com/datasette/sfms-history/settings/environment-variables
Right now anyone can build URLs to the Imgix bucket to iterate through pages from PDFs, or to access data in PDFs that we may not even want to publish.
Can use this Imgix signing mechanism to prevent that: https://docs.imgix.com/setup/securing-assets