Automatic Review for User-Uploaded Images

Apr 29, 2024 · 2 min read · 297 Words

Recently, I received news that the image upload feature in my project needs to undergo security review. After solving the problem, I'm writing the process down here.

I’m currently using Tencent Cloud’s COS-CDN, so I’ll use this product as an example to introduce the process.

Current COS usage

Images are currently uploaded to COS, which returns the object's path once it is stored. A custom domain is bound to the bucket through CDN, and users access the images through that domain.

Review configuration

  1. COS supports automatic image review. Since my bucket also holds other resources, I restricted automatic review to specific COS paths; for example, only images under the /user-images path are reviewed.
  2. Since the image upload feature was already live, I had to handle two kinds of images, existing and new:
    1. Existing images are reviewed by configuring a task that makes COS review them again.
    2. New images are uploaded through the COS SDK, and review is triggered automatically after the upload.
  3. Configure the action taken on images that fail review. Since user images may be misjudged, or the current standards may be too strict, I configured the system to move non-compliant images to a specified directory automatically, so there is still a chance to recover them.
  4. Because review runs after the upload, the environment that performs the upload does not know whether the image is non-compliant. If you want to notify users about non-compliant images in your project, you still need to call the review API yourself or configure a review callback API. Otherwise the upload succeeds without any violation notice, but the image returns 404 when accessed, because it was moved after the post-upload review.
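The gap in step 4 is that the application's own record of an upload never learns the review outcome unless something feeds the callback result back into it. The following is an added example, not code from the original post or from Tencent Cloud: a small callback reconciler that updates the app's image record, mirrors the "move to a quarantine directory" action so a misjudged image can be restored, and gives the user a message instead of a surprise 404. The callback body shape (`data.object`, `data.result`, `data.label`) and the result codes are assumptions and must be checked against the COS image review documentation.

```python
import json
from dataclasses import dataclass
from typing import Dict, Optional

# Assumed meaning of the callback's "result" field: 0 = normal, 1 = non-compliant,
# 2 = suspected (needs a manual look). Confirm field names and codes against the docs.
ALLOWED, BLOCKED, PENDING_MANUAL = "allowed", "blocked", "pending_manual"
RESULT_CODES = {0: ALLOWED, 1: BLOCKED, 2: PENDING_MANUAL}

@dataclass
class ImageRecord:
    key: str                          # object key under the reviewed /user-images path
    owner: str
    status: str = "uploaded"          # upload succeeded; review outcome not yet known
    label: Optional[str] = None       # category reported by the reviewer, if any
    quarantine_key: Optional[str] = None

def apply_review_callback(records: Dict[str, ImageRecord], body: str,
                          quarantine_prefix: str = "/quarantine") -> Optional[ImageRecord]:
    """Reconcile one review-callback body with the app's own image records."""
    try:
        data = json.loads(body)["data"]
        rec = records.get(data["object"])
        status = RESULT_CODES.get(data["result"])
    except (ValueError, KeyError, TypeError):
        return None                   # malformed body: do not guess
    if rec is None or status is None:
        return None                   # unknown object or result code: leave record as is
    rec.status = status
    rec.label = data.get("label")
    if status == BLOCKED:
        # Mirrors the COS action "move non-compliant images to a directory":
        # remember the quarantine key so a misjudged image can be restored.
        rec.quarantine_key = quarantine_prefix + rec.key
    return rec

def user_facing_message(rec: ImageRecord) -> str:
    """Tell the user what happened instead of letting them discover a 404."""
    return {
        "uploaded": "Uploaded; automatic review pending.",
        ALLOWED: "Uploaded and approved.",
        PENDING_MANUAL: "Uploaded; flagged for manual review.",
        BLOCKED: f"Removed by content review ({rec.label}); contact support to appeal.",
    }[rec.status]

# Constructed sample callback body (not a real COS payload).
SAMPLE_CALLBACK = '{"code": 0, "data": {"object": "/user-images/a.png", "result": 1, "label": "Ads"}}'

def demo() -> Optional[ImageRecord]:
    records = {"/user-images/a.png": ImageRecord("/user-images/a.png", owner="u1")}
    return apply_review_callback(records, SAMPLE_CALLBACK)
```

The callback endpoint that receives these bodies should only accept requests from your review service, since anyone who can post to it could mark images as blocked or approved.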

Final Thoughts

I now understand how to use image review and have met the requirement. However, I have to say that these needs are really driven by the domestic environment…
