3

I like to follow the shortcode conventions as described here: https://laurakalbag.com/processing-responsive-images-with-hugo/ and set the Exif parameters in config.toml like so:

[imaging.exif]
# Regexp matching the fields you want to Exclude from the (massive) set of Exif info
# available. As we cache this info to disk, this is for performance and
# disk space reasons more than anything.
# If you want it all, put ".*" in this config setting.
# Note that if neither this or ExcludeFields is set, Hugo will return a small
# default set.
includeFields = ""

# Regexp matching the Exif fields you want to exclude. This may be easier to use
# than IncludeFields above, depending on what you want.
excludeFields = ".*"

# Hugo extracts the "photo taken" date/time into .Date by default.
# Set this to true to turn it off.
disableDate = true

# Hugo extracts the "photo taken where" (GPS latitude and longitude) into
# .Long and .Lat. Set this to true to turn it off.
disableLatLong = true

However, I noticed that while Hugo correctly strips Exif from the generated scaled images, Hugo ALSO places the original image with intact Exif in the public directory, which presents a security issue.

I'm happy with a solution to not publish the original, or a solution that does publish the original image, but with stripped EXIF.

Thanks for any pointers, I'm sure I'm misunderstanding something fundamental!

1 Answer

1

A little inelegant, but very safe, is to call some kind of preparation step before the actual build (to /public). This way you can automatically remove all EXIF information from all photos (e.g. in the blog directory). I use 'jhead' for this purpose. I include this command and other preparations in a script along with the build. If you don't have the build process in your own hands, this won't work, of course.

# NUL-delimited so file names with spaces or quotes reach jhead intact
find ./static/images/ -type f -print0 | xargs -0 -I{} jhead -purejpg {}
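
A post-build check to go with the approach above, as an added example that is not part of the original question or answer: it walks the published directory (assumed here to be `public/`) and lists every JPEG that still carries an Exif APP1 segment, so a build script can stop before deploying. The function names and the constructed sample bytes are illustrative.

```python
import struct
import sys
from pathlib import Path

def has_exif(data: bytes) -> bool:
    """True if the JPEG bytes contain an APP1 segment that starts with 'Exif\\0\\0'."""
    if data[:2] != b"\xff\xd8":                  # no SOI marker: not a JPEG
        return False
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:                    # lost segment sync: stop parsing
            return False
        marker = data[pos + 1]
        if marker == 0xFF:                       # fill byte before a marker
            pos += 1
            continue
        if marker in (0xDA, 0xD9):               # SOS / EOI: header segments are over
            return False
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:
            pos += 2                             # stand-alone markers carry no length
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if marker == 0xE1 and data[pos + 4:pos + 10] == b"Exif\x00\x00":
            return True
        pos += 2 + length                        # length field counts its own 2 bytes
    return False

def find_exif_files(root: str) -> list[str]:
    """Return the JPEG files under root that still contain Exif metadata."""
    base = Path(root)
    if not base.is_dir():
        return []
    return [str(p) for p in sorted(base.rglob("*"))
            if p.is_file() and p.suffix.lower() in {".jpg", ".jpeg"}
            and has_exif(p.read_bytes())]

def make_jpeg(with_exif: bool) -> bytes:
    """Constructed sample: a minimal JPEG header skeleton, not a viewable image."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00" + bytes(9)
    payload = b"Exif\x00\x00" + b"II*\x00\x08\x00\x00\x00" + bytes(6)
    app1 = b"\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload
    return b"\xff\xd8" + app0 + (app1 if with_exif else b"") + b"\xff\xda\x00\x02\xff\xd9"

if __name__ == "__main__":
    leaks = find_exif_files(sys.argv[1] if len(sys.argv) > 1 else "public")
    for path in leaks:
        print(f"Exif still present: {path}")
    if leaks:
        sys.exit(1)                              # non-zero exit fails the build script
```

Run it after `hugo` and before the upload step; it only inspects JPEG files, so other formats that can carry metadata need their own check.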