the specific denial error message reveals more about the imageproxy
configuration than it should, such as what hosts are denied. Instead,
log the full error, but return a generic message that the requested URL
is not allowed.
This is what I probably should have called this when I renamed it back
in 70276f36, since this makes it more obvious that it's a list of
allowed hosts. Renaming now to make room for a `DenyHosts` variable as
part of #85.
versions of all dependencies remain the same, but now use `go mod` to
manage them rather than govendor. This does result in a few extra files
being checked in, since govendor would ignore non-build files and go mod
does not.
If no content types are specified, then accept all responses, regardless
of content type (this is the behavior imageproxy has historically had).
Change default value for the contentTypes flag to be "image/*", so that
the new default when running cmd/imageproxy is that only images will be
proxied. The old default behavior can be achieved by passing an empty
string for the contentTypes flag:
    imageproxy -contentTypes ""
Do not send the "XCTO: nosniff" header, since all documentation that I
can find still says that it can cause problems when served with images.
If it's effectively a noop when an explicit content-type is specified in
the response, then this shouldn't actually matter for us either way.
But in the absence of certainty, I'd rather err on the side of following
the spec.
Also add documentation for the new functionality.
Fixes #141
This is a bit cleaner than the gcs cache that was vendored in, is
properly licensed, and uses Google's application default credentials,
which just magically works when run from AppEngine and GCE.
- setting myself as maintainer. I've played with docker enough at this
point that I feel a bit more comfortable maintaining this
- name the build image
The -cache flag can be specified multiple times to create a tier of
caches. Typically this would be used to put a small in-memory cache
in front of a slower on-disk cache.
Fixes #111
This uses the official Go SDK from Amazon, which supports the newer v4
authentication method. Fixes #74. Doing so also required adding a new
s3cache package which uses the official SDK.
THIS IS A BREAKING CHANGE for anyone that uses s3, since the syntax of
the command line flag is now different. This is unfortunately necessary
because aws-sdk-go always requires the region to be explicitly declared,
which wasn't always the case with the previous format. This breaking
change is unfortunate, but given that the other s3 package hasn't seen
updates in years, and so many new S3 regions only support the newer v4
authentication method, it's necessary.
This has come up a couple of times, such as in #95. As discussed there,
I'm not completely sure this is actually necessary in many cases, but
it's certainly not harmful and if it makes health checks easier to set up
then why not?