Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add a minimal image proxy #1

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Add a minimal image proxy #1

wants to merge 1 commit into from

Conversation

kevinmcconnell
Copy link
Collaborator

@kevinmcconnell kevinmcconnell commented Mar 4, 2024

To provide some safety when linking to user-supplied external images, we can provide a simple image proxy handler. Images accessed through this proxy will only be served if they meet the following criteria:

  • Appear to be valid image files
  • Are in a permitted format: GIF, JPEG, PNG or WebP
  • Do not have an excessive width or height (5000 pixels max, by default)

To serve an image through this proxy, its URL should be passed to the handler's path as a src query param. The path is supplied to the application in the IMAGE_PROXY_PATH environment variable.

We'll also provide a helper method to make forming the proxy links easier:

Thruster.image_proxy_path('https://example.com/image.jpg')

This will result in a URL something like the following, which will route the image request through Thruster's proxy handler:

/_t/image?src=https%3A%2F%2Fexample.com%2Fimage.jpg

To provide some safety when linking to user-supplied external images, we
provide a simple image proxy handler. Images accessed through this proxy
will only be served if they meet the following criteria:

- Appear to be valid image files
- Are in a permitted format: GIF, JPEG, PNG or WebP
- Do not have an excessive width or height (5000 pixels max, by default)

To serve an image through this proxy, its URL should be passed to the
handler's path as a `src` query param. The path is supplied to the
application in the `IMAGE_PROXY_PATH` environment variable.

We also provide a helper method to make forming the proxy links easier:

    Thruster.image_proxy_path('https://example.com/image.jpg')
@kevinmcconnell kevinmcconnell marked this pull request as draft March 7, 2024 11:04
@palkan
Copy link

palkan commented Mar 13, 2024

We'll also provide a helper method to make forming the proxy links easier:

I would suggest integrating with Active Storage instead (so no application changes would be required, just a configuration one); see, for example, https://github.com/imgproxy/imgproxy-rails

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants