Prohibit unauthorized domains from loading my image URL and embedding it in an <img

Hi all, I have a problem with R2 images

I want to put the URL in an tag so that only on my example.com domain can be loaded. How could I do this so that someone can’t maliciously load my image and make me waste data?

I have tried CORS but it avoids it only when fetching, not when putting the image URL in the tag

Hey there,

To avoid other domains from using your R2 objects, I would recommend you configure a custom domain for the bucket and then enabling hotlink protection for your domain so that requests accessing your images from outside your domain are blocked.

I understand that I can’t do this without buying a domain, right?

A few days ago I activated the domain I use on my website for the bucket and I found that my website was inaccessible.

Can you not use a subdomain of your existing domain?

Can I do this by simply typing subdomain.domain.com when I am prompted for the domain to connect to the bucket?

Have you tried it?

Yes, it works

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.