ImageResizer.Plugins.RemoteReader
5.0.4-preview01
Prefix Reserved
See the version list below for details.
dotnet add package ImageResizer.Plugins.RemoteReader --version 5.0.4-preview01
NuGet\Install-Package ImageResizer.Plugins.RemoteReader -Version 5.0.4-preview01
<PackageReference Include="ImageResizer.Plugins.RemoteReader" Version="5.0.4-preview01" />
paket add ImageResizer.Plugins.RemoteReader --version 5.0.4-preview01
#r "nuget: ImageResizer.Plugins.RemoteReader, 5.0.4-preview01"
// Install ImageResizer.Plugins.RemoteReader as a Cake Addin #addin nuget:?package=ImageResizer.Plugins.RemoteReader&version=5.0.4-preview01&prerelease // Install ImageResizer.Plugins.RemoteReader as a Cake Tool #tool nuget:?package=ImageResizer.Plugins.RemoteReader&version=5.0.4-preview01&prerelease
ImageResizer.Plugins.RemoteReader
The RemoteReader plugin allows the ImageResizer to resize and display images that are located at any URL. Kind of like a resizing relay.
There are 3 layers of security to prevent abuse.
- The API signs the remote URL with HMAC SHA-256 to prevent anyone from tampering or generating them without access to the signing key.
- A whitelist approach is taken to sites. By default, no sites are allowed. You must handle the RemoteReaderPlugin.Current.AllowRemoteRequest event to permit sites (or portions of sites) to be relayed.
- The plugin requires that all remote images be decoded and re-encoded. Files are never returned as-is. This ensures that the files are valid images, and prevents XSS attacks. This means that without a querystring, /remote/ image requests will not work.
dot
Syntax
There are two syntax options.
Using a signed remote URL. (Using RemoteReaderPlugin.Current.CreateSignedUrl(remoteUrl, resizingSettings) <br /> http://mysite.com/remote.jpg.ashx?width=100&height=200&urlb64=45b45c4a2099b...&hmac=a2099ba2099b
Use a human-friendly syntax where the domain name is specified as a folder. http://mysite.com/remote/othersite.com/otherfolder/image.jpg?width=100&height=200
It is possible to set 'allowAllSignedRequests=true', but you must handle the RemoteReaderPlugin.Current.AllowRemoteRequest event and set args.DenyRequest=false to allow the human-friendly syntax to work.
Installation
- Add ImageResizer.Plugins.RemoteReader.dll to your project or run
Install-Package ImageResizer.Plugins.RemoteReader
. - Add
<add name="RemoteReader" />
inside<resizer><plugins></plugins></resizer>
in Web.config. - Add
<remotereader signingKey="put a long and very secure key here"></remotereader>
inside<resizer></resizer>
. Make sure the key is kept safe, and is the same across all servers in the web farm (if you're using one). This key can contain any XML-safe characters, and should be as long as possible. URLs generated with one key will not work with another.
Configuration reference
<configuration> <resizer> <remotereader signingKey="ag383ht23sag#laf#lafF#oyfafqewt;2twfqw" allowAllSignedRequests="false" allowRedirects="5"> <allow domain="imageresizing.net" /> <allow domain="*.imageresizing.net" onlyWhenSigned="true"/> </remotereader> <plugins> <add name="RemoteReader" /> </plugins> </resizer> </configuration>
AllowRedirects
Redirects are supported, but default behavior is to throw a 500 error if more than 5 are used. You can configure the number of followed redirects with the allowRedirects setting, or set it to 0 to disable following redirects.
Exceptions
404 errors are turned into FileNotFoundExceptions, which are turned back into 404 errors in the URL API. 403 errors are turned into 403 HttpExceptions.
All other exceptions are WebExceptions
Example event handler for whitelisting part of a website for relay
using ImageResizer.Plugins.RemoteReader;
protected void Application_Start(object sender, EventArgs e) {
RemoteReaderPlugin.Current.AllowRemoteRequest += Current_AllowRemoteRequest;
}
static void Current_AllowRemoteRequest(object sender, RemoteRequestEventArgs args) {
if (args.RemoteUrl.StartsWith("http://atrustedwebsite.com/photos/", StringComparison.OrdinalIgnoreCase))
args.DenyRequest = false;
}
Example code for generating a signed URL
using ImageResizer.Plugins.RemoteReader;
img1.ImageUrl = RemoteReaderPlugin.Current.CreateSignedUrl("http://atrustedwebsite.com/photos/leaf.jpg",
new ResizeSettings("width=200&height=100"));
//For the following to work, allowAllSignedRequests must be true
img2.ImageUrl = RemoteReaderPlugin.Current.CreateSignedUrl("http://arandomwebsite.com/photos/leaf.jpg",
new ResizeSettings("width=200&height=100"));
Limitations of human-friendly syntax
The human-friendly syntax has to go through the IIS and ASP.NET request filtering/normalization system, which may cause issues if your URLs have special characters or spaces.
In 3.1.5 and higher, spaces are supported in URLs, but to support '+' characters in remote URLs, you have to make a change in Web.config, as IIS considers '+' dangerous by default ... for unknown reasons.
<system.webServer>
<security>
<requestFiltering allowDoubleEscaping="True"/>
</security>
</system.webServer>
Proxy auto-detection
.NET automatically attempts to detect the proxy configuration each time the application starts. To prevent this (often) unnecessary 2-10 second delay, you can disable proxy detection in web.config (below).
<configuration>
<system.net>
<defaultProxy enabled="false">
</defaultProxy>
</system.net>
</configuration>
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET Framework | net472 is compatible. net48 was computed. net481 was computed. |
-
.NETFramework 4.7.2
- ImageResizer (>= 5.0.4-preview01)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated |
---|---|---|
5.0.13-preview09 | 262 | 9/30/2023 |
5.0.11-preview08 | 358 | 12/23/2022 |
5.0.10-preview07 | 407 | 11/17/2022 |
5.0.9-preview06 | 405 | 11/4/2022 |
5.0.8-preview05 | 354 | 11/4/2022 |
5.0.7-preview-04 | 376 | 10/14/2022 |
5.0.6-preview03 | 388 | 10/14/2022 |
5.0.5-preview02 | 365 | 9/29/2022 |
5.0.4-preview01 | 423 | 8/26/2022 |
5.0.3-preview04 | 375 | 8/26/2022 |
5.0.2-preview03 | 390 | 8/25/2022 |
5.0.1-preview02 | 372 | 8/25/2022 |
4.2.8 | 49,285 | 7/31/2020 |
4.2.7-pre | 633 | 7/14/2020 |
4.2.6-pre | 787 | 11/2/2019 |
4.2.5 | 100,781 | 4/6/2018 |
4.2.5-pre | 1,050 | 2/19/2018 |
4.2.4-pre | 1,194 | 12/13/2017 |
4.2.3-pre | 1,032 | 12/13/2017 |
4.2.1-pre | 1,041 | 11/29/2017 |
4.2.0 | 7,810 | 11/28/2017 |
4.1.11 | 1,528 | 11/8/2017 |
4.1.10 | 2,771 | 9/13/2017 |
4.1.9 | 32,132 | 6/22/2017 |
4.1.8 | 1,433 | 6/17/2017 |
4.1.7 | 1,453 | 6/6/2017 |
4.1.7-rc | 1,047 | 6/5/2017 |
4.1.6-rc | 1,034 | 6/1/2017 |
4.1.5-rc | 1,116 | 6/1/2017 |
4.1.4-rc | 1,024 | 5/11/2017 |
4.1.3-rc | 1,104 | 5/11/2017 |
4.1.3-preview | 1,144 | 5/6/2017 |
4.1.3-beta | 1,058 | 5/5/2017 |
4.0.5 | 8,448 | 1/31/2016 |
4.0.4 | 2,891 | 10/25/2015 |
4.0.3 | 1,502 | 10/25/2015 |
4.0.2 | 1,481 | 10/25/2015 |
4.0.1 | 1,475 | 10/25/2015 |
4.0.0-prerelease0881 | 1,930 | 8/11/2015 |
4.0.0-prerelease0877 | 1,133 | 7/7/2015 |
3.4.3 | 20,964 | 5/8/2014 |
3.4.2 | 12,288 | 11/26/2013 |
3.4.1 | 1,694 | 10/30/2013 |
3.4.0 | 1,676 | 10/17/2013 |
3.3.3 | 2,890 | 3/2/2013 |
3.3.2 | 1,726 | 1/24/2013 |
3.3.1 | 1,711 | 12/20/2012 |
3.3.0 | 1,906 | 12/4/2012 |
3.2.4 | 2,523 | 8/6/2012 |
3.2.3 | 1,807 | 6/30/2012 |
3.2.2 | 1,684 | 6/20/2012 |
3.2.1 | 1,721 | 6/4/2012 |
3.2.0 | 1,693 | 6/3/2012 |
3.1.5 | 1,890 | 2/22/2012 |
3.1.4 | 1,843 | 1/22/2012 |
3.1.3 | 1,823 | 1/14/2012 |
3.1.2 | 1,802 | 12/7/2011 |
3.0.13 | 1,898 | 10/23/2011 |
3.0.12 | 1,956 | 8/15/2011 |
3.0.11 | 1,912 | 7/28/2011 |