diff --git a/src/assets/images/images/preserve-content-credentials.png b/src/assets/images/images/preserve-content-credentials.png new file mode 100644 index 00000000000000..c0268b306e4702 Binary files /dev/null and b/src/assets/images/images/preserve-content-credentials.png differ diff --git a/src/content/docs/images/transform-images/control-origin-access.mdx b/src/content/docs/images/transform-images/control-origin-access.mdx index f6982e551b9bcf..96a4f2c9d74d5d 100644 --- a/src/content/docs/images/transform-images/control-origin-access.mdx +++ b/src/content/docs/images/transform-images/control-origin-access.mdx @@ -2,7 +2,7 @@ pcx_content_type: reference title: Control origin access sidebar: - order: 24 + order: 4 --- You can serve resized images without giving access to the original image. Images can be hosted on another server outside of your zone, and the true source of the image can be entirely hidden. The origin server may require authentication to disclose the original image, without needing visitors to be aware of it. Access to the full-size image may be prevented by making it impossible to manipulate resizing parameters. diff --git a/src/content/docs/images/transform-images/draw-overlays.mdx b/src/content/docs/images/transform-images/draw-overlays.mdx index 3b6f401a03d7d4..4852142b758150 100644 --- a/src/content/docs/images/transform-images/draw-overlays.mdx +++ b/src/content/docs/images/transform-images/draw-overlays.mdx @@ -2,7 +2,7 @@ pcx_content_type: reference title: Draw overlays and watermarks sidebar: - order: 23 + order: 3 --- diff --git a/src/content/docs/images/transform-images/integrate-with-frameworks.mdx b/src/content/docs/images/transform-images/integrate-with-frameworks.mdx index 293f9ba16c8a8c..660785c9605750 100644 --- a/src/content/docs/images/transform-images/integrate-with-frameworks.mdx +++ b/src/content/docs/images/transform-images/integrate-with-frameworks.mdx @@ -2,7 +2,7 @@ title: Integrate with frameworks pcx_content_type: reference sidebar: - order: 25 + order: 6 --- diff --git a/src/content/docs/images/transform-images/make-responsive-images.mdx b/src/content/docs/images/transform-images/make-responsive-images.mdx index 751309c7429346..70cfc8a324bfe3 100644 --- a/src/content/docs/images/transform-images/make-responsive-images.mdx +++ b/src/content/docs/images/transform-images/make-responsive-images.mdx @@ -2,7 +2,7 @@ pcx_content_type: reference title: Make responsive images sidebar: - order: 26 + order: 7 --- diff --git a/src/content/docs/images/transform-images/preserve-content-credentials.mdx b/src/content/docs/images/transform-images/preserve-content-credentials.mdx new file mode 100644 index 00000000000000..f6ea312e95036f --- /dev/null +++ b/src/content/docs/images/transform-images/preserve-content-credentials.mdx @@ -0,0 +1,27 @@ +--- +pcx_content_type: reference +title: Preserve Content Credentials +sidebar: + order: 5 + +--- + +[Content Credentials](https://contentcredentials.org/) (or C2PA metadata) are a type of metadata that includes the full provenance chain of a digital asset. This provides information about an image's creation, authorship, and editing flow. This data is cryptographically authenticated and can be verified using an [open-source verification service](https://contentcredentials.org/verify). + +You can preserve Content Credentials when optimizing images stored in remote sources. + +## Enable + +You can configure how Content Credentials are handled for each zone where transformations are served. + +In the Cloudflare dashboard under **Images** > **Transformations**, navigate to a specific zone and enable the toggle to preserve Content Credentials: + +![Enable Preserving Content Credentials in the dashboard](~/assets/images/images/preserve-content-credentials.png) + +The behavior of this setting is determined by the [`metadata`](/images/transform-images/transform-via-url/#metadata) parameter for each transformation. + +For example, if a transformation specifies `metadata=copyright`, then the EXIF copyright tag and all Content Credentials will be preserved in the resulting image and all other metadata will be discarded. + +When Content Credentials are preserved in a transformation, Cloudflare will keep any existing Content Credentials embedded in the source image and automatically append and cryptographically sign additional actions. + +When this setting is disabled, any existing Content Credentials will always be discarded. diff --git a/src/content/docs/images/transform-images/serve-images-custom-paths.mdx b/src/content/docs/images/transform-images/serve-images-custom-paths.mdx index 11970bc258a997..556273cca7a3b9 100644 --- a/src/content/docs/images/transform-images/serve-images-custom-paths.mdx +++ b/src/content/docs/images/transform-images/serve-images-custom-paths.mdx @@ -2,7 +2,7 @@ pcx_content_type: reference title: Serve images from custom paths sidebar: - order: 27 + order: 8 head: - tag: title content: Serve images from custom paths diff --git a/src/content/docs/images/transform-images/transform-via-url.mdx b/src/content/docs/images/transform-images/transform-via-url.mdx index 9c9d29cd9e5ff0..ccd4c66077f06f 100644 --- a/src/content/docs/images/transform-images/transform-via-url.mdx +++ b/src/content/docs/images/transform-images/transform-via-url.mdx @@ -2,7 +2,7 @@ pcx_content_type: how-to title: Transform via URL sidebar: - order: 21 + order: 1 --- diff --git a/src/content/docs/images/transform-images/transform-via-workers.mdx b/src/content/docs/images/transform-images/transform-via-workers.mdx index 0a15964202b21c..e3ef0deebdabf1 100644 --- a/src/content/docs/images/transform-images/transform-via-workers.mdx +++ b/src/content/docs/images/transform-images/transform-via-workers.mdx @@ -2,7 +2,7 @@ pcx_content_type: how-to title: Transform via Workers sidebar: - order: 22 + order: 2 --- diff --git a/src/content/partials/images/metadata.mdx b/src/content/partials/images/metadata.mdx index cd0e69110f6b62..1fc0cbecdf974a 100644 --- a/src/content/partials/images/metadata.mdx +++ b/src/content/partials/images/metadata.mdx @@ -3,48 +3,56 @@ --- import { Tabs, TabItem } from "~/components" -Controls amount of invisible metadata (EXIF data) that should be preserved. Color profiles and EXIF rotation are applied to the image even if the metadata is discarded. Note that if the Polish feature is enabled, all metadata may have been removed already and this option will have no effect. +Controls amount of invisible metadata (EXIF data) that should be preserved. + +Color profiles and EXIF rotation are applied to the image even if the metadata is discarded. Content Credentials (C2PA metadata) may be preserved if the [setting is enabled](/images/transform-images/preserve-content-credentials). + +Available options are `copyright`, `keep`, and `none`. The default for all JPEG images is `copyright`. WebP and PNG output formats will always discard EXIF metadata. :::note -Even when choosing to keep EXIF metadata, Cloudflare will modify JFIF data (potentially invalidating it) to avoid the known incompatibility between the two standards. For more details, refer to [JFIF Compatibility](https://en.wikipedia.org/wiki/JPEG_File_Interchange_Format#Compatibility). +- If Polish is enabled, then all metadata may already be removed and this option will have no effect. +- Even when choosing to keep EXIF metadata, Cloudflare will modify JFIF data (potentially invalidating it) to avoid the known incompatibility between the two standards. For more details, refer to [JFIF Compatibility](https://en.wikipedia.org/wiki/JPEG_File_Interchange_Format#Compatibility). ::: Options include: -* `keep`\ - Preserves most of EXIF metadata, including GPS location if present. +* `copyright`\ + Discards all EXIF metadata except copyright tag. + If C2PA metadata preservation is enabled, then this option will preserve all Content Credentials. + ```js - metadata=keep + metadata=copyright ``` ```js - cf: {image: {metadata: "keep"}} + cf: {image: {metadata: "copyright"}} ``` -* `copyright`\ - Discard all metadata except EXIF copyright tag. This is the default behavior for JPEG images. +* `keep`\ + Preserves most of EXIF metadata, including GPS location if present. + If C2PA metadata preservation is enabled, then this option will preserve all Content Credentials. ```js - metadata=copyright + metadata=keep ``` ```js - cf: {image: {metadata: "copyright"}} + cf: {image: {metadata: "keep"}} ``` * `none`\ - Discard all invisible EXIF metadata. Currently, WebP and PNG output formats always discard metadata. + Discards all invisible EXIF and C2PA metadata. If the output format is WebP or PNG, then all metadata will be discarded.