
  • Edgar Rasquin 326 posts 925 karma points
    Mar 31, 2021 @ 16:38
    Edgar Rasquin
    0

    Image processor whitelist not working

    I am trying to process images from a remote url in my website.

    As far as I understand it is as easy as adding a whitelist url in the Security.Config as so:

      <whitelist>
        <add url="https://betzold.de"/>
      </whitelist>
    

    I am running Umbraco version 8.11.1 and double checked that the nuget packages are installed and up to date:

    enter image description here

    When inspecting the page in the browser I get the following:

    <img  src="https://static.betzold.de/iview/master/E_755369_a.jpg?mode=crop&width=600&height=400">
    

    But unfortunately it does not process the image. Am I missing something?

  • Marc Goodson 2123 posts 14214 karma points MVP 8x c-trib
    Apr 06, 2021 @ 12:06
    Marc Goodson
    0

    Hi Edgar

    That might depend on where you are adding your whitelist?

    eg are you adding it to the RemoteImageService service in the security.config?

    <service prefix="remote.axd" name="RemoteImageService" type="ImageProcessor.Web.Services.RemoteImageService, ImageProcessor.Web">
           <!-- The timeout for a request in milliseconds and the maximum 
                allowable download in bytes. -->
          <settings>
            <setting key="MaxBytes" value="4194304"/>
            <setting key="Timeout" value="3000"/>
            <!-- Added version 4.2.0. -->
            <setting key="Protocol" value="http"/>
            <!-- Added version 4.7.0. Optional -->
            <!-- Sets a useragent value for the request. Useful for social networks.
                 See http://www.useragentstring.com/ for available values. -->
            <setting key="Useragent" value=""/>
          </settings>
          <!-- Sets allowable domains to process images from. -->
          <whitelist>
            <add url="http://images.mymovies.net"/>
            <add url="http://maps.googleapis.com"/>
          </whitelist>
        </service>
    

    and should you have:

     <add url="https://static.betzold.de"/>
    

    instead of just the domain?

    regards

    Marc

  • Edgar Rasquin 326 posts 925 karma points
    Apr 07, 2021 @ 08:57
    Edgar Rasquin
    0

    Hi Marc,

    thanks for your reply.

    This is my security.config:

    <?xml version="1.0" encoding="utf-8"?>
    <security>
      <!--Added v4.3.0 -->
      <cors>
        <whitelist>
          <!--
          Demo: Adding a url will send cors headers to that requesting url.
                "*" acts as a universal selector.
          -->
          <add url="http://imageprocessor.org"/>
        </whitelist>
      </cors>
      <services>
        <service name="LocalFileImageService" type="ImageProcessor.Web.Services.LocalFileImageService, ImageProcessor.Web"/>
        <!--Disable the LocalFileImageService and enable this one when using virtual paths. -->
        <!--<service name="CloudImageService" type="ImageProcessor.Web.Services.CloudImageService, ImageProcessor.Web">
          <settings>
            <setting key="MaxBytes" value="8194304"/>
            <setting key="Timeout" value="30000"/>
            <setting key="Host" value="http://yourhost.com/"/>
          </settings>
        </service>-->
        <service prefix="remote.axd" name="RemoteImageService" type="ImageProcessor.Web.Services.RemoteImageService, ImageProcessor.Web">
          <!-- The timeout for a request in milliseconds and the maximum 
                allowable download in bytes. -->
          <settings>
            <setting key="MaxBytes" value="4194304"/>
            <setting key="Timeout" value="3000"/>
            <!-- Added version 4.2.0. -->
            <setting key="Protocol" value="http"/>
            <!-- Added version 4.7.0. Optional -->
            <!-- Sets a useragent value for the request. Useful for social networks.
                 See http://www.useragentstring.com/ for available values. -->
            <setting key="Useragent" value=""/>
          </settings>
          <!-- Sets allowable domains to process images from. -->
          <whitelist>
            <add url="https://betzold.de"/>
            <add url="https://static.betzold-educational.com"/>
            <add url="https://static.betzold.de"/>
            <add url="https://betzold-educational.com"/>
            <add url="https://static.betzold-educational.com"/>
            <add url="https://rasquin.net"/>
          </whitelist>
        </service>
        <!-- Add other service implementations here. -->
      </services>
    </security>
    

    As you can see above, I have added several whitelist domains.

    This is my test code:

    <table>
        <tr>
            <td style="border: 1px solid #ccc">
                <h4>code4.it</h4>
                <img src="https://code4.it/img/Betzold-100er-Rechenbox-87275_MSTR-L.jpg?mode=boxpad&width=100&height=200" />
                <br />
            </td>
            <td style="border: 1px solid #ccc">
                <h4>static.betzold-educational.com</h4>
                <img src="https://static.betzold-educational.com/images/prod/87275/Betzold-100er-Rechenbox-87275_MSTR-L.jpg?mode=boxpad&width=100&height=200" />
                <br />
            </td>
            <td style="border: 1px solid #ccc">
                <h4>rasquin.net</h4>
                <img src="https://rasquin.net/img/Betzold-100er-Rechenbox-87275_MSTR-L.jpg?mode=boxpad&width=100&height=200" />
            </td>
        </tr>
    </table>
    

    Same image on three different servers. Here is the result:

    enter image description here

    https://code4.it/ is the only domain under which the image processing works. Even though it has not been added to the whitelist.

    Are there any server-side restrictions that could prevent the images being processed?

    I'm on my test environment on my local machine but have set up a test domain on IIS: https://campusshop.localtest.me/ pointing to 127.0.0.1 so I can run the site under https

  • Marc Goodson 2123 posts 14214 karma points MVP 8x c-trib
    Apr 08, 2021 @ 06:41
    Marc Goodson
    1

    Hi Edgar

    If you reference the external images via the remote.axd handler

    /remote.axd/your-external-image?width=300

    /remote.axd?http://your-external-image?width=300

    eg

      <img src="/remote.axd/images/prod/87275/Betzold-100er-Rechenbox-87275_MSTR-L.jpg?mode=boxpad&width=100&height=200" />
    

    or

      <img src="/remote.axd?https://static.betzold-educational.com/images/prod/87275/Betzold-100er-Rechenbox-87275_MSTR-L.jpg?mode=boxpad&width=100&height=200" />
    

    Does that force the external image through the image processor pipeline?

    https://imageprocessor.org/imageprocessor-web/imageprocessingmodule/

    regards

    Marc

  • Edgar Rasquin 326 posts 925 karma points
    Apr 08, 2021 @ 07:27
    Edgar Rasquin
    0

    Hi Marc,

    yes the first option works:

    /remote.axd/your-external-image?width=300
    

    Thank you so much for helping me out!

    Have a nice day
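
The distinction the thread arrives at, as an added example (not code from the posts or from ImageProcessor): an `<img>` that points straight at an external host is fetched by the browser and never reaches the site, so the `RemoteImageService` whitelist only matters for URLs routed through the `remote.axd` prefix. The script reads a constructed `security.config` and constructed markup, and covers only the `/remote.axd?https://...` form; exact host matching is a simplifying assumption, not ImageProcessor's own matching logic.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: trimmed security.config using the service layout shown in the thread.
SECURITY_CONFIG = """<security>
  <services>
    <service prefix="remote.axd" name="RemoteImageService" type="ImageProcessor.Web.Services.RemoteImageService, ImageProcessor.Web">
      <whitelist>
        <add url="https://static.betzold-educational.com"/>
        <add url="https://rasquin.net"/>
      </whitelist>
    </service>
  </services>
</security>"""

# Constructed sample markup (file names are made up).
MARKUP = """
<img src="https://static.betzold-educational.com/images/a.jpg?mode=boxpad&width=100" />
<img src="/remote.axd?https://static.betzold-educational.com/images/a.jpg?mode=boxpad&width=100" />
<img src="/remote.axd?https://code4.it/img/a.jpg?width=100" />
"""

def remote_service(config_xml):
    """Return (prefix, set of whitelisted hosts) for the RemoteImageService entry."""
    root = ET.fromstring(config_xml)
    svc = root.find("./services/service[@name='RemoteImageService']")
    hosts = {urlsplit(a.get("url")).hostname for a in svc.findall("./whitelist/add")}
    return svc.get("prefix"), hosts

def classify(src, prefix, hosts):
    """Say whether an img src is routed through the remote service at all."""
    marker = "/" + prefix + "?"
    if src.startswith(marker):
        # Assumption: exact host comparison against the whitelist entries.
        host = urlsplit(src[len(marker):]).hostname
        return "allowed" if host in hosts else "blocked"
    if urlsplit(src).hostname:
        return "direct"  # browser fetches it itself; the whitelist is never consulted
    return "other"       # local path or a form this sketch does not model

def audit(markup, config_xml):
    """Classify every img src found in the markup."""
    prefix, hosts = remote_service(config_xml)
    return [(src, classify(src, prefix, hosts))
            for src in re.findall(r'<img[^>]*\ssrc="([^"]+)"', markup)]

if __name__ == "__main__":
    for src, status in audit(MARKUP, SECURITY_CONFIG):
        print(f"{status:8} {src}")
```
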
