RoadRunner
Allow urls for X-Sendfile header #1842
Replies: 1 comment 2 replies
-
|
Hey @rmikalkenas 👋 Hm, I'm also not sure about passing an S3 presigned URL via headers... But since they are passed only locally, so we should be sure that RR deletes that header after processing in any situation. Generally, In Go we have a 'panic handler' for this, so, if something goes wrong (panicking), we would be able to clear headers with the sensitive information. |
Beta Was this translation helpful? Give feedback.
-
|
I will try to prepare a proof of concept 👍 |
Beta Was this translation helpful? Give feedback.
-
|
@rustatian finally managed to find some time for this > roadrunner-server/send#99 |
Beta Was this translation helpful? Give feedback.
-
At the moment X-Sendfile header only allows local files.
What if it would also allow to pass an url to remote file which would be streamed?
An example could be file streaming from S3 bucket:
backend generates files bucket url and passes it as X-Sendfile header value.
Although not sure about possible security implications, would be interesting to discuss.
Beta Was this translation helpful? Give feedback.
All reactions