search

skaut / skaut-google-drive-gallery

A WordPress gallery using Google Drive as file storage.
https://wordpress.org/plugins/skaut-google-drive-gallery/
MIT License
50 stars 9 forks source link

The images cannot be cached by the browser because their URLs are temporary #166

Open marekdedic opened 5 years ago

marekdedic commented 5 years ago

https://wordpress.org/support/topic/permanent-links-and-caching/

marekdedic commented 5 years ago

On the other hand, this can be seen as a security feature - if we were to provide a permanent URL of the image, it could be viewed even after the gallery has been taken down.

marekdedic commented 5 years ago

The way I see it this could be implemented in 2 ways:

Both of those are unsatisfactory. Closing this issue, can reopen if a suitable alternative emerges.

adamjanovsky commented 5 years ago

@marekdedic First of all, thanks for great plugin that's going to serve scouts well for its simplicity. However, I'm looking for any way how to improve the performance of either Wordpress on Lebeda server (off-topic) or this plugin. I have roughly 65 albums in my gallery and load time of the folders themselves (without counting photos inside) is roughly 4 seconds. If the user is forced to wait once (or the gallery is preloaded on the background while user enters index website) that's acceptable to me. But no caching (or ajax?) results in the list of albums rendering itself every time I go back into the gallery when browsing between albums. With all respects that justs leaves the plugin unusable.

Can I ask how the security is affected when permanent URLs are released? Once the gallery is published, it is exposed to the public anyway. Presuming otherwise is a security issue.

Could you consider adding an option slider to introduce permanent urls, set to False with an explicit security warning?

Anyway, props for any security measures, rare to see.

marekdedic commented 5 years ago

I've created #234 because frontend caching seems like a good idea. All the galleries are already running on AJAX.

You're right that once a gallery has been published, all future security may just be wishful thinking. I am open to reconsidering the issue.

adamjanovsky commented 4 years ago

I'm thinking how would be the permanent URL acquired from Drive API? Is it acquired through the "sharing link" feature? If yes, the access can be revoked and links made invalid later on.

So, behaviour I can imagine is maintaining an inner state of what folders are currently being displayed on the web. Every time a folder stops being displayed, just check whether it's being displayed by some other post/page. If not, revoke the permanent URLs. If yes, keep them up.

Of course, some assumptions are made and complicated behaviour is involved...

adamjanovsky commented 4 years ago

I have roughly 65 albums in my gallery and load time of the folders themselves (without counting photos inside) is roughly 4 seconds. If the user is forced to wait once (or the gallery is preloaded on the background while user enters index website) that's acceptable to me. But no caching (or ajax?) results in the list of albums rendering itself every time I go back into the gallery when browsing between albums. With all respects that justs leaves the plugin unusable.

Measured it more precisely on today, loading of the gallery (thumbnails for 16 albums and two folders: each with another 20 albums) takes exactly 5 seconds. When it will take 0.5, I'll be satisfied. There must be a margin for improvement. I'm willing to take a closer look at it.