image icon indicating copy to clipboard operation
image copied to clipboard
verified publisher icon nuxt

secure/signed URL support

Open pi0 opened this issue 4 years ago • 7 comments

Some providers like imgix (https://docs.imgix.com/setup/securing-images) or Cloudinary (https://cloudinary.com/documentation/control_access_to_media) support signing URLs to disallow an attacker generating an unlimited amount of URLs causing downtimes, unprivileged access, resource abuse, etc.

To properly supporting this, we need a server only mechanism that can sign URLs (if exposing tokens to the client-side, an attacker can still access them to sign!). This can be possible with a serverMiddleware or server-only plugin/runtimeConfig (example idea: https://github.com/nuxt/image/pull/205#issuecomment-817114276). And introducing new set of usage limitations. (thus needs discussion before trying to implement)

pi0 avatar May 17 '21 10:05 pi0

Here's ImageKit's signed URL documentation, for your consideration: https://docs.imagekit.io/features/security/signed-urls#generating-signed-urls-on-your-own

nathanchase avatar Jul 08 '21 21:07 nathanchase

Glide signed URL documentation: https://glide.thephpleague.com/2.0/config/security/

shadow81627 avatar Jul 08 '21 23:07 shadow81627

@pi0 Why the need to wait for Nuxt 3 as you stated in #385? What are the usage limitations you mention?

westende avatar May 20 '22 12:05 westende

@pi0, is it possible to call signed url through Nuxt Image with Imagekit set as provider ?

BenjaminOddou avatar Aug 24 '22 17:08 BenjaminOddou

@pi0 @danielroe, has there been any recent progress on this issue?

everyx avatar Aug 31 '23 02:08 everyx