Skip to content

Hot link protection #28

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Hot link protection #28

wants to merge 1 commit into from

Conversation

itowlson
Copy link
Contributor

@itowlson itowlson commented Mar 6, 2025

No description provided.

itowlson
itowlson commented Mar 6, 2025
View reviewed changes
samples/hot-link-protection/assets/forbidden-image.png Outdated
Copy link
Contributor Author

@itowlson itowlson Mar 6, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am hoping to be able to replace the redirect with returning this image, but I need some guidance from Fermyon JS folks before I can get that working. If I can't get it working I'll remove the image. Apparently file reading doesn't work

@itowlson itowlson force-pushed the hot-link-protection branch from 2f812f7 to ef251ce Compare March 6, 2025 22:30
@itowlson
Hot link protection
76dc641 
Signed-off-by: itowlson <[email protected]>
@itowlson itowlson force-pushed the hot-link-protection branch from ef251ce to 76dc641 Compare March 10, 2025 21:23
vdice
vdice reviewed Jul 15, 2025
View reviewed changes
Copy link
Member

@vdice vdice left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As mentioned in #28 (comment), it would be nice to have some explicit indicator of the hot link being blocked. As it is, it isn't immediately obvious when viewing the website that the broken image is on account of being blocked or on account of, say, the hot link protection site not running or not available. But again, for sample purposes, perhaps not worth the extra time.

samples/hot-link-protection/README.md
python -m http.server 8080 # or python3
```

Then visit `http://127.0.0.1:8080` to see that the link via the proxy is blocked.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure if my system/python, but the command to run the test-site shows the following:

$ python -m http.server 8080
Serving HTTP on :: port 8080 (http://[::]:8080/) ...

and while http://localhost:8080 navigates to the test site correctly, http://127.0.0.1:8080 doesn't (rather, eg curl: (56) Recv failure: Connection reset by peer occurs).

Do you see the same thing? If so, should we update this to http://localhost:8080?

samples/hot-link-protection/test-site/index.html
<p><img src='https://developer.fermyon.com/static/image/avatar.png' width="200" height="200"></p>

<p>Here's the same image tag going via the proxy site:</p>
<p><img src='http://localhost:3000/static/image/avatar.png' width="200" height="200"></p>
Copy link
Member

@vdice vdice Jul 15, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Depending on my other comment (python server only available at localhost:8080), we may need to change this to 127.0.0.1:3000 so that the hot link protection logic functions as intended.

samples/hot-link-protection/README.md
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it worth spelling out how to deploy to FwF? Then a note to update the test-site index.html with the fwf app address?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vdice vdice vdice left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@itowlson @vdice