Back
Safe Approach to Bucket
Hello, This is my utility function for obtaining the users' avatar url.
Is this a safe approach to the problem? I am also unsure about ending the url with &mode=admin. The issue is, without &mode=admin, it doesn't load the avatars.
TypeScript
export const getAvatarUrl = (avatarId) => {
if (!avatarId) return null;
const url = `${import.meta.env.VITE_ENDPOINT}/storage/buckets/${import.meta.env.VITE_AVATAR_BUCKET}/files/${avatarId}/view?project=${import.meta.env.VITE_PROJECT}&mode=admin`;
return url;
};
TL;DR
Developers are discussing a safe way to share images from a bucket. The utility function shared gets the user's avatar URL, but the concern is the security of appending `&mode=admin` to the URL. Using this approach may pose security risks, and it's recommended to review permissions and allow access through the bucket for sharing.Safe Approach to Bucket
mode admin only works for your console session, it will not work for other people. if you want to share this image with others you need to either allowing from your bucket or file permissions depending on which security model you're using
