Form with images
Hello, my website has a form where the user can attach multiple images. These could be sensitive images, so I'd like to send this form data to another user that should be able to view the images, but only that person should be able to view.
I don't need Cloudflare Images product. Should I use R2 for this? Is it possible to upload the images to a public bucket, but with the images only accessible by those that have the secret link?
12 Replies
Yeah. As long as the ID of the image is sufficiently random, then randos shouldn't be able to stumble upon an image
ok, and there's no way through an API or something where someone could "list" the items in the bucket?
cuz then i'd be completely screwed
Not without an API key
Ok, and so to be certain that the files are uploaded with sufficient ID, I should be doing the uploading server side through a Worker?
so Worker kind of acts as a middleman uploader?
Yeah, and then return the ID generated in the Response
seems simple enough, thanks !
this presigned URL thing overkill for this?
You can do that, but if you are already using a Worker, I wouldn't bother
So the Worker gets full access to the R2 binding, so it's up to me to make sure i don't do anything bad
i'm trying to figure out if I should upload images as they get selected, or do it all at once when the form is submitted
any suggestions?
Depending on their size, it might make the decision for you
I was worried if I do it all at once the worker would timeout or something... but isn't there unbound workers now?
Yes, but those are being phased out in place of Standard Billing
But all Workers can run indefinitely
The only thing explicitly limited is CPU Time, which isn't consumed while streaming(for example from a browser to R2)
Ok well that's perfect then, it would definitely be easier to do it all at once, might save me a ton of space too from abandoned forms
What happens if I try to upload a non-image file to Cloudflare Images? I'm wondering what kind of validation i need to do once the form is submitted to make sure users aren't trying to upload anything other than images.