While you can dynamically change any transformation you need for your website, we also allow you to "lock-in" your settings by moving to a strict mode called strict transformations on your production systems once you are settled on a design (and fear abuse).
This means that only asset transformations that were explicitly requested by the developer can be accessed by the website's visitors. This effectively prevents visitors from generating unwanted assets on your account. This option is available in the settings section of our management console under the parameters Strict transformations (only for images) and Strict video transformations.
Comments
7 comments
And how do you know if the transformations are explicitly requested by the developer?
Hi,
Sorry for the very late reply, we have noticed that this request was left unattended. I guess this is not relevant anymore but for future reference -
Only transformations that are explicitly marked as allowed in the console or named transformations or signed_URLs (generated server-side using an authenticated API) can be dynamically created.
For more information,
http://cloudinary.com/documentation/image_transformations#strict_transformations
@Maor, I'd love to use strict transformations but it seems it's incompatible with Responsive with Client-Hints ?
What I'd like to do is only restrict to some base transformations (watermark, effects, etc.), but still allow Responsive transformations i.e. via Client Hints. How do I do this?
Currently to support responsive I have to disable strict transformations.
i.e. when I try to use both features I got this server response:
Server:cloudinary
Status:401 Unauthorized
Vary:DPR,Width
X-Cld-Error:Transformation c_scale,dpr_2.0,f_webp,fl_awebp,q_auto,t_sc_thumb,w_400/ is not allowed
X-Request-Id:fd14846a063af96a
X-UA-Compatible:IE=Edge,chrome=1
Hi Hendy,
Sorry for the delayed response.
You can leverage our `f_auto, dpr_auto` with strict transformations by allowing these specific transformations. In your case, allowing `c_scale,dpr_2.0,f_auto,q_auto,t_sc_thumb,w_400` and `c_scale,dpr_1.0,f_auto,q_auto,t_sc_thumb,w_400` should work.
Makes sense?
Let me know if it works for you.
Kind regards,
Maor
Hi,
So It means that we have to authorized every combinaison ? With a
Thanks.
Hey,
In case of `w_auto` it can indeed stack up to many transformations to allow. We are currently working on a solution to this behaviour.
That said, depending on your usage, you can still allow few specific transformations (such as when using srcset) or defining a certain rounding step for `width` - w_auto[:rounding step][:width].
For more information,
http://cloudinary.com/documentation/image_transformation_reference#width_parameter
Best,
Maor
Please sign in to leave a comment.