Home

Awesome

CamoDotNet

CamoDotNet is a .NET port of camo. It is all about making insecure assets look secure. This is an SSL image proxy to prevent mixed content warnings on secure pages.

Check the GitHub blog for background on why camo exists.

Using a shared key, proxy URLs are encrypted with hmac so we can bust caches/ban/rate limit if needed.

CamoDotNet currently runs on:

Features

URL Formats

CamoDotNet supports two distinct URL formats:

http://example.org/<digest>?url=<image-url>
http://example.org/<digest>/<image-url>

The <digest> is a 40 character hex encoded HMAC digest generated with a shared secret key and the unescaped <image-url> value.

The <image-url> is the absolute URL locating an image. In the first format, the <image-url> should be URL escaped aggressively to ensure the original value isn't mangled in transit.

In the second format, each byte of the <image-url> should be hex encoded such that the resulting value includes only characters [0-9a-f].

Usage

Server

The CamoDotNet server is implemented as an OWIN middleware and can be added to any OWIN application, either as a middleware (using IAppBuilder.Use) or as the main server (using IAppBuilder.Run). The following example bootstraps a CamoDotNetServer under the /camo path.

public class Startup
{
    public void Configuration(IAppBuilder app) // or IApplicationBuilder in .NET Core
    {
        var camoServerSettings = CamoServerSettings.GetDefault("shared_key_goes_here");
        var camoUrlHelper = new CamoUrlHelper(
            new CamoSignature(camoServerSettings.SharedKey), "/camo");

        app.UseCamoServer(
            "/camo",
            camoServerSettings,
            new HttpClient { Timeout = TimeSpan.FromSeconds(10) });
    }
}

The CamoDotNet.Sample project contains a minimal sample of embedding CamoDotNet in an application.

Client

All the client has to to is render an <img /> tag that references a proxied image. URLs can be generated manually, using the URL format described above. Another option is by using the CamoDotNet.Core.CamoUrlHelper class:

var helper = new CamoUrlHelper(new CamoSignature(
    CamoServerSettings.GetDefault("shared_key_goes_here").SharedKey), "https://camo-url/");

return helper.GenerateUrl(url);

The CamoDotNet.Sample project contains a minimal sample that renders an image proxied through CamoDotNet.

Configuration

CamoDotNet comes with several configuration options which can be specified as a parameter to the CamoDotNet server.