Optionally cut parameters from image URL

[ofhouse]

When providing the URL the user could add parameters to the URL to pass the CloudFront cache key. E.g.: /_next/image?url=http%3A%2F%2Fexample.com%2Ftest.png%3Ffoo%3Dbar

There should be an option to prevent bypassing the cache this way.

url parameter

This is a tricky one since adding parameters to the the url is a valid option since it could be used with storage engines that require some form of authentication. E.g. adding a api key through a parameter.

The only way to secure this would probably to introduce another S3 bucket instead of (or together with) CloudFront Origin Shield for the local caching. This way the CloudFront Function could from the Accept header could determine a cache key (leaving out path params) based on the input and forward the request to S3. If an object with the key exists in S3 it is served from there otherwise a failover would trigger the Lambda to generate a response or image. The Lambda would then determine a cache-key based on the input params and store the image back to S3 before returning it to CloudFront.

x-ref: https://github.com/milliHQ/terraform-aws-next-js-image-optimization/issues/75