I'm developing a web app, including a backend server and a frontend SPA. When the user is authenticated, he must be able to view confidential images (previously uploaded) in his browser. I would like to know the most secure way to do that.
Once the user is authenticated with the backend (JWT), how can the backend securely send the image to the user to be displayed?
I can think of two possible ways to do that:
Using a signed URL with a timeout. It also means anybody finding this public URL within the timeout period would have access to the confidential image. But it seems "Google Photos"/Facebook work this way.
Sending the image in the REST call as base64. It also means that, if we are in a public place, the call can be logged on any server and still be accessible many years from now.
So any suggestions?!
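
An added example, not part of the original post: a minimal sketch of the "signed URL with a timeout" option, showing how the backend can bind the image path and an expiry time into an HMAC so the link cannot be altered or extended. The `/images/<id>` route, the `expires` and `sig` parameter names, and the demo key are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed demo key (assumption); a real backend loads a random secret
# from its configuration and never ships it to the SPA.
SECRET_KEY = b"demo-only-secret-not-for-production"


def _mac(path, expires):
    # The MAC covers both the path and the expiry, so neither can be changed.
    msg = f"{path}\n{expires}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def sign_image_url(image_id, ttl_seconds, now=None):
    """Build a relative URL for one image that stops verifying after ttl_seconds."""
    issued = time.time() if now is None else now
    expires = int(issued + ttl_seconds)
    path = f"/images/{image_id}"  # hypothetical route
    return f"{path}?{urlencode({'expires': expires, 'sig': _mac(path, expires)})}"


def verify_image_url(url, now=None):
    """Return True only if the signature matches and the link has not expired."""
    parsed = urlparse(url)
    query = parse_qs(parsed.query)
    try:
        expires = int(query["expires"][0])
        sig = query["sig"][0]
    except (KeyError, IndexError, ValueError):
        return False
    expected = _mac(parsed.path, expires)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(expected.encode(), sig.encode("utf-8", "replace")):
        return False
    current = time.time() if now is None else now
    return current < expires


if __name__ == "__main__":
    link = sign_image_url("42", ttl_seconds=60)
    print(link, verify_image_url(link))
```

The check passes for anyone presenting the link before it expires, which is the exposure the question describes; the timeout only bounds how long that holds.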