Issue #3216Opened January 5, 2021by tomhatzer2 reactions

FEAT: Add referrerPolicy to image loading through asset manager

Question

What are you trying to add to GrapesJS? I'm trying to add the Referer header to image loading through asset manager.

Describe your feature request detailed I'm working on a pagebuilder that's hosted on AWS. To stop people hotlinking my images, I've implemented AWS WAF which restricts image loading to the referer domain (my own domains). When loading an image programmatically using .src there is no referer header being sent resulting in broken/non displayable images (403 errors from the webserver). We can solve this problem by setting the referrerPolicy attribute to origin. More details about this can be found here: https://developer.mozilla.org/en-US/docs/Web/API/HTMLImageElement/referrerPolicy

Is there an alternative at the latest version?

  • Yes (descripe the alternative)
  • No

Is this related to an issue?

  • Yes (Give a link to the issue)
  • No

Answers (3)

artfJanuary 5, 20211 reactions

As already replied to the PR, this can be done by extending the image component if necessary, without the risk of breaking the integration for others.

And as a note, when you want to add a feature, you should always think about how this will work for others. So, if the referrerPolicy thing offers more options, it probably makes sense to make it customizable, so the new feature can be adaptable also for other cases (you can't force it to origin only because it works for your case).

tomhatzerJanuary 5, 20211 reactions

Thank you very much for the tipp @artf - I'll try to get this done by extending the original component. Have a great day! 😃

tomhatzerJanuary 7, 20210 reactions

For everyone who has the same problem that the iframe doesn't send referrer headers for content displayed inside of it, here's a quick and dirty fix.

Just set the Canvas iFrame src to your desired domain that you want to use the referrer with. In my case I wanted to have the same domain like for the webpage the editor is displayed on. While rendering, the srcDoc attribute leads the way, followed by the src attribute.

Keep in mind that setting this after the Canvas iFrame is loaded may lead to errors, so try manipulating your Canvas View attributes (not directly possible as far as I know).

Related Questions and Answers

Continue research with similar issue discussions.

Issue #3608

FEAT: Disable Dragging

What are you trying to add to GrapesJS? I have implemented an alternative text editing component (not based on RTE). I want people to be ab...

3 answersUpdated August 8, 2021

Issue #3427

FEAT: Add lazy loading support for images

What are you trying to add to GrapesJS? Lazily loading support for images. Describe your feature request detailed Latest Browsers support l...

1 answersUpdated May 7, 2021

Issue #3356

FEAT: Unminified version in the latest release

What are you trying to add to GrapesJS? Un-minified versions for each release Describe your feature request detailed I am working with some...

1 answersUpdated March 22, 2021

Issue #3067

FEAT: remove 'display: block' inline style from Style Manager sectors and properties

What are you trying to add to GrapesJS? Improve visibility for Style Manager sectors and properties. Describe your feature request detailed...

3 answersUpdated October 14, 2020

Paid Plugins That Match This Issue

Curated by issue keywords and label relevance to help you ship faster.

View all plugins

Loading paid plugin recommendations...

Browse Plugin Categories

Jump directly to plugin category pages on the marketplace.

PresetsPluginsComponentsBlocksAssetsCommandsI18nLayersStylesStoragesRTENewslettersWeb pagesSite builders