Start building
Star on GitHub 45.1K Start building
Back

Different appwrite IDs are getting exposed in the file url.

  • 0
  • Web
View on Discord
bewake24
12 Dec, 2024, 09:10

File_URL_FORMAT= https://cloud.appwrite.io/v1/storage/buckets/[BUCKET_ID]/files/[FILE_ID]/preview?project=[PROJECT_ID]

I'm trying to access files in my web app. The requested files are coming from the URL in the given format above which is exposing my projectId and Bucket id. Is this a good idea to expose them. If not how can I avoid them without using any proxy.

TL;DR
Developers are concerned about exposing Appwrite IDs in file URLs. A suggestion was made to use headers like `X-Appwrite-Project` instead of including IDs in the URL. However, it was noted that headers can be easily checked via Dev tools or a MITM Proxy. The File URL Format was provided as an example. Avoid exposing IDs in URLs for security reasons.
Joshi
12 Dec, 2024, 09:11

It's fine

Darshan Pandya
12 Dec, 2024, 09:50

You can use headers (X-Appwrite-Project) if you don't like the Project ID in the URL itself. Mind you that those headers can be easily checked via just a few clicks to Dev tools > Network tab or via a MITM Proxy.

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more