Turn back token validation; Add AllowInsecure config

config.go

@@ -114,6 +114,8 @@ type config struct {
 	MaxSrcDimension  int
 	MaxSrcResolution int
 
+	AllowInsecure bool
+
 	JpegProgressive bool
 	PngInterlaced   bool
 	Quality         int
@@ -147,6 +149,7 @@ var conf = config{
 	IgnoreSslVerification: false,
 	MaxSrcDimension:       8192,
 	MaxSrcResolution:      16800000,
+	AllowInsecure:         false,
 	Quality:               80,
 	GZipCompression:       5,
 	ETagEnabled:           false,
@@ -180,6 +183,8 @@ func init() {
 	intEnvConfig(&conf.MaxSrcDimension, "IMGPROXY_MAX_SRC_DIMENSION")
 	megaIntEnvConfig(&conf.MaxSrcResolution, "IMGPROXY_MAX_SRC_RESOLUTION")
 
+	boolEnvConfig(&conf.AllowInsecure, "IMGPROXY_ALLOW_INSECURE")
+
 	boolEnvConfig(&conf.JpegProgressive, "IMGPROXY_JPEG_PROGRESSIVE")
 	boolEnvConfig(&conf.PngInterlaced, "IMGPROXY_PNG_INTERLACED")
 	intEnvConfig(&conf.Quality, "IMGPROXY_QUALITY")
@@ -250,6 +255,10 @@ func init() {
 		log.Fatalf("Max src resolution should be greater than 0, now - %d\n", conf.MaxSrcResolution)
 	}
 
+	if conf.AllowInsecure {
+		warning("Token validation is disabled. Hope you know what you're doing")
+	}
+
 	if conf.Quality <= 0 {
 		log.Fatalf("Quality should be greater than 0, now - %d\n", conf.Quality)
 	} else if conf.Quality > 100 {

processing_options.go

@@ -408,9 +408,11 @@ func parsePath(r *http.Request) (string, processingOptions, error) {
 		return "", processingOptions{}, errors.New("Invalid path")
 	}
 
-	// if err := validatePath(parts[0], strings.TrimPrefix(path, fmt.Sprintf("/%s", parts[0]))); err != nil {
-	// 	return "", processingOptions{}, err
-	// }
+	if !conf.AllowInsecure {
+		if err := validatePath(parts[0], strings.TrimPrefix(path, fmt.Sprintf("/%s", parts[0]))); err != nil {
+			return "", processingOptions{}, err
+		}
+	}
 
 	if _, ok := resizeTypes[parts[1]]; ok {
 		return parsePathSimple(parts[1:])