How can I restrict access to resources only through my domain? #6619
Comments
On the other hand, exposing the projectId "3do82whm" and dataset "next" in the URL is highly insecure. How can this issue be addressed?
Project ID and dataset name are not considered sensitive. Images uploaded to the CDN are public, as documented here: https://www.sanity.io/docs/keeping-your-data-safe#5c2e941ea03c If you don't want documents to be publicly accessible, you can make the dataset private (images will still be public, but their URLs are not easily guessable, so unless you publish them it's unlikely that anyone will find them). If you don't want project id/dataset, content or images to be publicly accessible, you need to put auth in front of your website.
For instance, if I upload an image https://cdn.sanity.io/images/3do82whm/next/e54be0b039dcf6cb7d215e5473bd5efc9315bc1f-1790x1364.png?rect=1,0,1789,1364&w=800&h=610&fit=clip&auto=format , how can I ensure that the image can only be loaded from my domain and not from other domains?