self-hosted/imgproxy
1
0
Fork 0
mirror of https://github.com/imgproxy/imgproxy.git synced 2025-12-03 23:19:17 +02:00
Code Issues Releases Activity

Add support for client hints prefixed with Sec-CH-; Remove Viewport-Width header support

Browse Source
This commit is contained in:
DarthSim
2023-04-11 21:08:39 +03:00
parent a2efeb55be
commit b92de43cf3
5 changed files with 18 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/configuration.md
View File

@@ -249,11 +249,11 @@ Check out the [Best format](best_format.md) guide to learn more.
## Client Hints support
imgproxy can use the `Width`, `Viewport-Width` or `DPR` HTTP headers to determine default width and DPR options using Client Hints. This feature is disabled by default and can be enabled by the following option:
imgproxy can use the `Width` and `DPR` HTTP headers to determine default width and DPR options using Client Hints. This feature is disabled by default and can be enabled by the following option:
* `IMGPROXY_ENABLE_CLIENT_HINTS`: enables Client Hints support to determine default width and DPR options. Read more details [here](https://developers.google.com/web/updates/2015/09/automating-resource-selection-with-client-hints) about Client Hints.
**⚠️ Warning:** Headers cannot be signed. This means that an attacker can bypass your CDN cache by changing the `Width`, `Viewport-Width` or `DPR` HTTP headers. Keep this in mind when configuring your production caching setup.
**⚠️ Warning:** Headers cannot be signed. This means that an attacker can bypass your CDN cache by changing the `Width` or `DPR` HTTP headers. Keep this in mind when configuring your production caching setup.
## Video thumbnails