- First commit to issue fork.
- Merge request !18Issue #3050183 by upchuk: Allow image style generations for unmanaged remote files → (Open) created by das-peter
- Merge request !19Issue #3050183 by upchuk: Allow image style generations for unmanaged remote files → (Open) created by das-peter
- 🇨🇭Switzerland das-peter
Just came across this as we've got a similar need.
I think we could rely on the Image Derivative Token handling already in core - if it's deemed secure enough.
Having a valid itok parameter indicates that the url was generated by our very own instance which should count pretty much as "managed".
One could probably argue about the cryptographic strength of the core token - as its goal is to prevent DOS and not essentially fending off proxying.