top | item 39631843

(no title)

sbr464 | 2 years ago

All media/photos you upload to a private airtable.com app are public links. No authentication required if you know the url.

discuss

andix|2 years ago

There is a dilemma for web developers with images loaded from CDNs or APIs. Regular <img> tags can't set an Authorization header with a token for the request, like you can do with fetch() for API requests. The only possibility is adding a token to the URL or by using cookie authentication.

Cookie auth only works if the CDN is on the same domain, even a subdomain can be problematic in many cases.

internetter|2 years ago

This is actually fairly common for apps using CDNs – not just airtable. I agree it's potentially problematic

blue_green_maps|2 years ago

Yes, this is the case for images uploaded through GitHub comments, I think.