Vercel Blob URLs public?

hsg424 · December 18, 2024, 1:04pm

The documentation for Vercel Blob states:

“Vercel Blob URLs, although publicly accessible, are unique and hard to guess.
This is similar to Share a file publicly in Google Docs. You should ensure that the URLs are only shared to authorized users.”

I’m not sure why the documentation says, “URLs are only shared to authorized users.”

Does this mean that I should NOT expose my Vercel Blob in Next.js Image component’s “src” attribute like:

<Image src="https://UNIQUE-STRING.public.blob.vercel-storage.com/my-imgs/flower.webp" />

Is this because a malicious user could get the location (URL) of my vercel blob and image locations and perform a ton of unneeded requests for my images to run up my vercel blob bill?

neversitdull · December 18, 2024, 2:30pm

No. It’s pretty typical, and safe for public website assets, like images, to use the blob URL directly. I interpret the documentation’s suggestion about “authorized users” as more for sensitive documents or private assets rather than public images.

neversitdull · December 18, 2024, 2:35pm

For clarity I guess It is still possible for malicious activity to happen, but that’s why Vercel has dDos protection and rate limiting in place. Using the Next.js Image component also helps through automatic image optimizations and caching to help reduce the request back to your blob storage.

hsg424 · December 18, 2024, 6:49pm

Ok, I will use the blob URL directly on an Image component’s “src” attribute then since these are public assets.

<Image src="https://UNIQUE-STRING.public.blob.vercel-storage.com/my-imgs/flower.webp" />

Next.js cached/optimized images stored in “_next/image” are given image names that include the original “src” attribute used on the <Image component.

So clients/users can see your blob URL in the “src” attribute even on cached images coming from “_next/image.”

Which is not a problem… since again, these are public assets/images.

I am assuming the built-in DDoS protection you mentioned applies to both vercel blob and next.js app hosting contexts?

Thanks for the thorough response!

system · December 25, 2024, 6:50pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
We want your feedback on the Vercel Blob SDK Announcements storage	3	135	November 12, 2024
Vercel Blob Storage Help nextjs	4	32	November 12, 2024
Image Optimization Requests coming through in Vercel even though I use a custom loader Help nextjs	5	28	September 29, 2024
Vercel Remote Image Cache Deletion Help nextjs	11	42	August 16, 2024
Vercel Preview Links break when moving from NextJS v13 to v14 Help nextjs	2	20	October 19, 2024

Vercel Blob URLs public?

Related topics