Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How can I restrict access to resources only through my domain? #6619

Closed
luobogor opened this issue May 10, 2024 · 2 comments
Closed

How can I restrict access to resources only through my domain? #6619

luobogor opened this issue May 10, 2024 · 2 comments

Comments

@luobogor
Copy link

For instance, if I upload an image https://cdn.sanity.io/images/3do82whm/next/e54be0b039dcf6cb7d215e5473bd5efc9315bc1f-1790x1364.png?rect=1,0,1789,1364&w=800&h=610&fit=clip&auto=format , how can I ensure that the image can only be loaded from my domain and not from other domains?
@luobogor
Copy link
Author

On the other hand, exposing the projectId "3do82whm" and dataset "next" in the URL is highly insecure. How can this issue be addressed?

@bjoerge
Copy link
Member

bjoerge commented May 21, 2024

Project ID and dataset name are not considered sensitive. Images uploaded to the CDN is public, as documented here: https://www.sanity.io/docs/keeping-your-data-safe#5c2e941ea03c

If you don't want documents to be publicly accessible you can make the dataset private (images will still be public, but their URLs are not easily guessable, so unless you publish them it's unlikely that anyone will find them)

If you don't want project id/dataset, content or images to be publicly accessible you need to put auth in front of your website.

@bjoerge bjoerge closed this as completed May 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bjoerge @luobogor