This support forum is no longer in use. Please use the Cloudinary Community at https://community.cloudinary.com/ to receive assistance from other members of the community and from Cloudinary's support team. For account-specific questions or if you believe that you've encountered a bug, please contact the Cloudinary team directly via the "submit a request" option on this support site.

localhost development with restricted fetch/referral domains

Follow
Avatar
Chris Kohout

Hi,

We are locking down our fetch and referral domains to our production site. How can we support local development to make images fetches? We've added localhost to the domain list and are receiving HTTP 401.

Also, it's not clear how to add multiple domains to that list? Comma separated? New line separated?


We are on the Plus plan.

Thank you.

0

Comments

3 comments

Sort by Date Votes
  • Avatar
    Roee Ben Ari

    Hi Chris, 

    I assume you're referring to the 'Allowed fetch domains' setting? if so, note that this setting is meant to restrict the fetched URLs domains and not the domains that make the request (e.g., localhost). 

    When uploading a resource using remote-upload/fetch, in cases where firewalls are present (as in local dev environments), the origin/destination server needs to authorize (whitelist) the IPs from which requests are sent by Cloudinary.

    Normally these requests are processed by a bundle of servers, using dynamic IPs that cannot be whitelisted in advance and therefore may be blocked by the firewall. This can be solved by configuring your account to use certain web proxies that have fixed IPs (this service is available starting the Advanced plan).

    If you're interested in this service, please open a support ticket and let's continue the discussion from there?

    0
    Comment actions Permalink
  • Avatar
    CTR

    So, we can not restrict what domains fetch the assets? There is no way to Access-Control-Allow-Origin an asset to a production domain? So there is no way to host an asset only allowable on your domain? So all Cloudinary hosted files can be stolen and reference by other websites? 

    The label on the setting says "Specify the domains and subdomains from which images and videos can be fetched. Enter each domain on a separate line." 

    0
    Comment actions Permalink
  • Avatar
    Stephen Doyle

    We have several methods of restricting access to images to authorized users, and there's a lot of flexibility depending on your requirements. There's an outline of some methods available in this help center article: https://support.cloudinary.com/hc/en-us/articles/202519742-Can-I-allow-access-to-uploaded-images-only-to-authenticated-users-
    There's also a guide to some of the methods in our main documentation: https://cloudinary.com/documentation/upload_images#control_access_to_images

    Not all methods are available on all plans, and in particular, some methods such as whitelisting or blacklisting by referrer domain or based on cookie signatures require manual setup between our systems and those of our CDN partners.

    If you contact us directly via our support center and let us know a little about your requirements, we can also suggest some specific solutions

    0
    Comment actions Permalink

Post is closed for comments.