Domain whitelisting
Allow fetching images only from a pre-defined list of origins
Last updated
Was this helpful?
Allow fetching images only from a pre-defined list of origins
Last updated
Was this helpful?
As a reminder, a Cloudimage URL looks like this:
//token.cloudimg.io/original_image_url?operations&filters
By default, images from any origin domains can be resized by Cloudimage. The storage and traffic used by these images will count toward your plan’s allowance. In the Cloudimage admin console, you can restrict the list of origin server URLs your token can transform images from.
If you are using Aliases and you have Domain whitelisting enabled, you have to include all aliases in the whitelisted domain list.
Log in to your Cloudimage admin console and navigate to Image settings / tab Domains. Scroll down to Whitelisted domains. Then configure your original image domains / S3 buckets.
Please note that when you whitelist eg. sample.li
, this will also whitelist all its subdomains sub1.sample.li
, www.sample.li
, etc.
When adding a domain to the whitelist, do not include http://
or https://
.
By default, Cloudimage does not enforce the domain whitelist when deliveringStatic content. If you would like to restrict delivering static content to whitelisted domains only, you can enable the Honor whitelist when delivering static content option in the Admin console.
This Cloudimage URL works (the sample.li domain is whitelisted):
//doc.cloudimg.io/http://sample.li/boat.jpg?width=500
If the domain is not in your whitelisted domains list, the request will fail. In this example, pbs.twimg.com
is not whitelisted, so the request is blocked.
//doc.cloudimg.io/pbs.twimg.com/profile_images/839721704163155970/LI_TRk1z_400x400.jpg?w=500