
I need to serve static content (mostly images) to logged-in users, but those images cannot be public.

There is basic JWT authorization for clients. Those clients have images, but those images must be private (only the user who owns them can access them).

My images are provided by my second Node.js server, which works like a CDN (caching, no headers, etc.).

I was thinking about sending my JWT in the URL like this: http://static.example.com/image.jpg?token=jwtjwtjwtkwtjwt, but my JWT is long and it is not secure, because if a user shares a URL to an image he is also sharing his JWT.

Baterka

2 Answers


Allow headers and send the token in headers...

Or create dynamic URLs for your images when the user is authenticated, with some URL lifetime (1 hour etc.). Sample: http://static.example.com/njafhiwe4ihyubwfejw instead of http://static.example.com/image.jpg.

Volodymyr Sichka
  • I can't send headers in an `<img>` tag, for example, so this is not an option. When I create short-lifetime URLs I need to refresh them somehow and have an option to discard them, etc... I see that, for example, Google Photos has those URLs, but 1 per image :D No short lifetime with rotation – Baterka Oct 20 '19 at 12:23

You may pass your token in the request header when loading the image.

If the above doesn't work for you, then you can create an API which gets your token and destination file and returns a URL with a short lifetime for accessing that file.

Mahdi Sadeghi