[Images] Updated docs for allowed origins #19795
2 files reviewed, 2 total issue(s) found.
Co-authored-by: hyperlint-ai[bot] <154288675+hyperlint-ai[bot]@users.noreply.github.com>
Deploying cloudflare-docs with

| Latest commit: | 5c51f28 |
| Status: | ✅ Deploy successful! |
| Preview URL: | https://184eb1b0.cloudflare-docs-7ou.pages.dev |
| Branch Preview URL: | https://dpena-images-allowlist.cloudflare-docs-7ou.pages.dev |

| Before you can enable transformations, you must purchase Cloudflare Images. To use transformations, you will need to enable the feature on each zone: | ||
| Cloudflare will automatically cache every transformed image on our global network so that you store only the original image at your origin. | ||
|
|
||
| To enable this functionality on your zone: |
I think it's good to define exactly what our "this" statements are. Are they enabling the automatic caching or the image transformation? I assume it is the transformation so I offered this suggestion.
| To enable this functionality on your zone: | |
| To enable image transformation on your zone: |
|
|
||
| When optimizing remote images, you can specify which origins can be used as the source for transformed images. By default, Cloudflare accepts only source images from the zone where your transformations are served. | ||
|
|
||
| You will learn how to define and manage the origins for the source images that you want to optimize. |
I feel like...
- you should change to imperative "Learn how to..." and put it at the very beginning of this page or
- say "On this page,..." or
- get rid of this sentence entirely.
It's a bit confusing to run into here. Cause you introduced this idea at the first sentence already.
| You will learn how to define and manage the origins for the source images that you want to optimize. | ||
|
|
||
| :::note | ||
| This setting applies to requests from Cloudflare Workers. |
| This setting applies to requests from Cloudflare Workers. | |
| Image transformation and origin definition applies to requests from Cloudflare Workers. |
What is 'this setting'?
|
|
||
| By default, your accepted sources are set to **allowed origins**. Cloudflare will always allow source images from the same zone where your transformations are served. | ||
|
|
||
| If you request a transformation with a source image from outside your **allowed origins**, then the image will be rejected. For example, if you serve transformations on your zone `a.com` and do not define any additional origins, then `a.com/image.png` can be used as a source image, but b.com/image.png will return an error. |
| If you request a transformation with a source image from outside your **allowed origins**, then the image will be rejected. For example, if you serve transformations on your zone `a.com` and do not define any additional origins, then `a.com/image.png` can be used as a source image, but b.com/image.png will return an error. | |
| If you request a transformation with a source image from outside your **allowed origins**, then the image will be rejected. For example, if you serve transformations on your `a.com` zone and do not define any additional origins, then `a.com/image.png` can be used as a source image, but `b.com/image.png` will return an error. |
|
|
||
|  | ||
|
|
||
| When you add a root domain, subdomains are not accepted. In other words, if you add `b.com`, then source images from media.b.com will be rejected. |
| When you add a root domain, subdomains are not accepted. In other words, if you add `b.com`, then source images from media.b.com will be rejected. | |
| When you add a root domain, subdomains are not accepted. In other words, if you add `b.com`, then source images from `media.b.com` will be rejected. |
|
|
||
| To support all subdomains, you can use the `*` wildcard at the beginning of the root domain. For example, `*.b.com` will accept source images from the root domain (like `b.com/image.png`) as well as from subdomains (like `media.b.com/image.png` or `cdn.b.com/image.png`). | ||
|
|
||
| 3. Optionally, specify the **Path** for the source image. If no path is specified, then source images from all paths on this domain are accepted. |
| 3. Optionally, specify the **Path** for the source image. If no path is specified, then source images from all paths on this domain are accepted. | |
| 3. Optionally, you can specify the **Path** for the source image. If no path is specified, then source images from all paths on this domain are accepted. |
|
|
||
| To support individual subdomains, you can define an additional origin such as `media.b.com`. If you add only `media.b.com` and not the root domain, then source images from the root domain (`b.com`) and other subdomains (`cdn.b.com`) will be rejected. | ||
|
|
||
| To support all subdomains, you can use the `*` wildcard at the beginning of the root domain. For example, `*.b.com` will accept source images from the root domain (like `b.com/image.png`) as well as from subdomains (like `media.b.com/image.png` or `cdn.b.com/image.png`). |
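Review bot: The wildcard sentence at the end of this hunk says `*.b.com` accepts the root domain `b.com` as well as subdomains, which is broader than the wildcard matching readers know from TLS certificate names, where `*.b.com` does not cover `b.com`. Consider calling this out as an explicit difference so nobody assumes the narrower meaning when reviewing their allowlist. The examples also show only one subdomain level; say whether nested hosts such as `img.media.b.com` match as well.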
| To support all subdomains, you can use the `*` wildcard at the beginning of the root domain. For example, `*.b.com` will accept source images from the root domain (like `b.com/image.png`) as well as from subdomains (like `media.b.com/image.png` or `cdn.b.com/image.png`). | |
| To support all subdomains, use the `*` wildcard at the beginning of the root domain. For example, `*.b.com` will accept source images from the root domain (like `b.com/image.png`) as well as from subdomains (like `media.b.com/image.png` or `cdn.b.com/image.png`). |
|
|
||
| When you add a root domain, subdomains are not accepted. In other words, if you add `b.com`, then source images from media.b.com will be rejected. | ||
|
|
||
| To support individual subdomains, you can define an additional origin such as `media.b.com`. If you add only `media.b.com` and not the root domain, then source images from the root domain (`b.com`) and other subdomains (`cdn.b.com`) will be rejected. |
| To support individual subdomains, you can define an additional origin such as `media.b.com`. If you add only `media.b.com` and not the root domain, then source images from the root domain (`b.com`) and other subdomains (`cdn.b.com`) will be rejected. | |
| To support individual subdomains, define an additional origin such as `media.b.com`. If you add only `media.b.com` and not the root domain, then source images from the root domain (`b.com`) and other subdomains (`cdn.b.com`) will be rejected. |
|
|
||
| Cloudflare checks whether the defined path is at the beginning of the source path. If the defined path is not present at the beginning of the path, then the source image will be rejected. | ||
|
|
||
| For example, if you define an origin with domain `b.com` and path `/themes`, then `b.com/themes/image.png` will be accepted but `b.com/media/themes/image.pn`g will be rejected. |
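Review bot: The path rule in this hunk ("at the beginning of the source path") does not say whether the match stops at a path-segment boundary. With the defined path `/themes`, the text leaves open whether a source such as `b.com/themes-old/image.png` is accepted or rejected. Add one accepted/rejected pair for that case next to the existing example, and state whether a trailing slash in the defined path (`/themes/`) changes the result.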
| For example, if you define an origin with domain `b.com` and path `/themes`, then `b.com/themes/image.png` will be accepted but `b.com/media/themes/image.pn`g will be rejected. | |
| For example, if you define an origin with domain `b.com` and path `/themes`, then `b.com/themes/image.png` will be accepted but `b.com/media/themes/image.png` will be rejected. |
|
|
||
| When your accepted sources are set to **any origin**, any publicly available image can be used as the source image for transformations on this zone. | ||
|
|
||
| This setting is less secure and may allow third parties to serve transformations on your zone. |
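Review bot: The warning on the last line of this hunk states the risk but not the recommended alternative. Since the earlier text says accepted sources default to **allowed origins**, consider adding a sentence here that points readers back to that setting and to the steps for defining origins, so someone landing on this paragraph knows how to restrict sources again.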
| This setting is less secure and may allow third parties to serve transformations on your zone. | |
| **Any origin** is less secure and may allow third parties to serve transformations on your zone. |
Addresses PCX-15781