如何在ReactJS中嵌入获取的图像
[英]How to embed fetched images in ReactJS
问题描述
My backend is based on Django and its REST framework. 
我的后端基于Django及其REST框架。
I am serving images via an HTTPresponse. 我正在通过HTTPresponse提供图像。 Since those images contain really sensitive data, I force the clients to authenticate themselves by sending a TOKEN within the header. 由于这些图像包含非常敏感的数据,因此我通过在标头中发送令牌来强制客户端进行身份验证。
The URL is something like www.mywebsite.de/api/images/<id> . 该URL类似于www.mywebsite.de/api/images/<id> 。
My frontend is based on ReactJS. 我的前端基于ReactJS。
In order to embed those pictures on the frontend, I fetch them using axios. 为了将这些图片嵌入前端,我使用axios来获取它们。 Afterwards I encode them using base64 and place the URI into the src property on a <img /> tag 之后,我使用base64对它们进行编码,并将URI放在<img />标签上的src属性中
Now, thing is I read alot of downsides of base64 encoded images, like bloated size, caching problems an so on... some are listed here: https://medium.com/snapp-mobile/dont-use-base64-encoded-images-on-mobile-13ddeac89d7c 现在,事情是我读了很多base64编码图像的缺点,例如肿的大小,缓存问题等等...此处列出了一些: https : //medium.com/snapp-mobile/dont-use-base64-encoded -images-on-mobile-13ddeac89d7c
I am asking myself now, as a beginner: What are the alternatives? 作为初学者,我现在问自己:有哪些替代方案? How can I embed those images without Base64? 没有Base64的情况下如何嵌入这些图像? I cannot serve a static URL, that's for sure. 我不能提供静态网址,这是肯定的。 Furthermore I cannot tell the img-tag to use a authorization header. 此外,我无法告诉img标签使用授权标头。
I would be thankful for any hint into the right direction. 我很高兴能向正确的方向提供任何提示。
Thank you in advance :) 先感谢您 :)
1 个解决方案
解决方案1
0 2019-07-23 19:23:05
You should have a look at this post . 您应该看一下这篇文章 。 To sum it up, if your images are on a public website there is no way to protect them 100%. 综上所述,如果您的图片在公共网站上,则无法100%保护它们。 However you can reduce the risk to the lowest using these practices: 但是,您可以使用以下实践将风险降低到最低:
- Use the
background-imagecss rule with classes or ID specific to the image.对特定于图像的类或ID使用background-imagecss规则。 - Disable controls like right-click on sensitive data using JS. 禁用控件,例如使用JS右键单击敏感数据。
- Configure your
robots.txtserver file so that search engines don't browse sensitive data.配置robots.txt服务器文件,以使搜索引擎不会浏览敏感数据。 - Have a look at JS plugins which prevents users interactions, just like javascript video players. 看一下阻止用户交互的JS插件,就像javascript视频播放器一样。
However be aware that none of these solutions are 100% reliable. 但是请注意,这些解决方案都不是100%可靠的。 For instance, a base64 string can be copy-pasted by inspecting the html and decode it. 例如,可以通过检查html并将其解码来复制粘贴base64字符串。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.