-
Notifications
You must be signed in to change notification settings - Fork 0
Posting, putting and deleting
thumbor original photo uploading end-point supports three different http verbs: put, post and delete.
By default, put and delete are disabled. This is done to tighten thumbor's security. If you wish to enable them, please refer to the How Upload works in thumbor page.
Posting is the only allowed by default method. It allows new images to be sent to thumbor. If the same image is sent again, thumbor will raise an exception.
This is done so users can't overwrite images with other images, possibly defacing your website.
In order to post a new image, all you have to do is send a multi-part form with a file field called media and action of http://{thumbor-server}/upload and method of POST.
Putting is a little more dangerous if you don't have strict control of who can access the /upload route. This is because whatever is sent using this method gets saved to storage, overwriting the previous entry.
In order to put a new image, all you have to do is send a multi-part form with a file field called media and action of http://{thumbor-server}/upload and method of PUT.
Deleting can be very dangerous, thus is disabled by default.
If you do enable it, in order to delete an image, all you have to do is send a request to http://{thumbor-server}/upload with a method of DELETE and a field called file_path with the same path that was used when uploading the image.