Stealing from Google
4 days ago
- #Cloudflare R2
- #Image Optimization
- #Next.js
- Modern frameworks like Next.js and Astro provide optimized <Image> components but require allowlisting remote domains to prevent abuse.
- The author proposes uploading avatars from Google/GitHub to their own bucket (Cloudflare R2) to avoid trusting external domains.
- A Next.js server action verifies, fetches, uploads, and updates the user's avatar URL to serve from a custom domain.
- This approach ensures users only need to allowlist one domain (the app's) for images, enhancing security and branding consistency.
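A sketch of the verify, fetch, upload and update steps summarized above, written as an added example and not the author's server action. The provider host list, the size cap, the `img.example.com` domain and the injected helpers `putObject` and `saveAvatarUrl` are assumptions made for illustration.

```javascript
// Added example: names, limits and the provider host list are assumptions.
const SOURCE_HOSTS = new Set([
  "lh3.googleusercontent.com",     // Google profile photos
  "avatars.githubusercontent.com", // GitHub avatars
]);
const MAX_BYTES = 2 * 1024 * 1024; // assumed size cap (2 MiB)
// Raster types only: SVG is left out because it can carry script.
const EXT = { "image/png": "png", "image/jpeg": "jpg", "image/webp": "webp" };

// Accept only https URLs on a known provider host, with no credentials or port.
function isAllowedSource(raw) {
  let u;
  try { u = new URL(raw); } catch { return false; }
  return u.protocol === "https:" && !u.username && !u.password &&
         u.port === "" && SOURCE_HOSTS.has(u.hostname);
}

// deps = { fetch, putObject, saveAvatarUrl } are injected (hypothetical helpers),
// so the same function runs against R2 in the app and against stubs in a test.
async function mirrorAvatar(user, deps, cdnBase = "https://img.example.com") {
  if (!isAllowedSource(user.image)) return { ok: false, reason: "source-not-allowed" };
  // redirect: "error" stops an allowed host from bouncing the server elsewhere.
  const res = await deps.fetch(user.image, { redirect: "error" });
  if (!res.ok) return { ok: false, reason: "fetch-failed" };
  const type = (res.headers.get("content-type") || "").split(";")[0].trim().toLowerCase();
  const ext = EXT[type];
  if (!ext) return { ok: false, reason: "bad-content-type" };
  const body = new Uint8Array(await res.arrayBuffer());
  if (body.byteLength === 0 || body.byteLength > MAX_BYTES) {
    return { ok: false, reason: "bad-size" };
  }
  // The object key comes from the user id only, never from the remote URL.
  const key = `avatars/${encodeURIComponent(user.id)}.${ext}`;
  await deps.putObject(key, body, type);
  const url = `${cdnBase}/${key}`;
  await deps.saveAvatarUrl(user.id, url);
  return { ok: true, url };
}
```

With this in place the framework's image allowlist needs only the app's own image domain, and the server never fetches a URL outside the two provider hosts.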