
Add support for client hints prefixed with Sec-CH-; Remove Viewport-Width header support

DarthSim 2 years ago
parent
commit
b92de43cf3
5 changed files with 18 additions and 43 deletions
  1. 5 0
      CHANGELOG.md
  2. 2 2
      docs/configuration.md
  3. 10 6
      options/processing_options.go
  4. 0 34
      options/processing_options_test.go
  5. 1 1
      processing_handler.go

+ 5 - 0
CHANGELOG.md

@@ -1,6 +1,11 @@
 # Changelog
 
 ## [Unreleased]
+### Add
+- Add support for `Sec-CH-DPR` and `Sec-CH-Width` client hints.
+
+### Remove
+- Remove suport for `Viewport-Width` client hint.
 
 ## [3.15.0] - 2023-04-10
 ### Add

+ 2 - 2
docs/configuration.md

@@ -249,11 +249,11 @@ Check out the [Best format](best_format.md) guide to learn more.
 
 ## Client Hints support
 
-imgproxy can use the `Width`, `Viewport-Width` or `DPR` HTTP headers to determine default width and DPR options using Client Hints. This feature is disabled by default and can be enabled by the following option:
+imgproxy can use the `Width` and `DPR` HTTP headers to determine default width and DPR options using Client Hints. This feature is disabled by default and can be enabled by the following option:
 
 * `IMGPROXY_ENABLE_CLIENT_HINTS`: enables Client Hints support to determine default width and DPR options. Read more details [here](https://developers.google.com/web/updates/2015/09/automating-resource-selection-with-client-hints) about Client Hints.
 
-**⚠️ Warning:** Headers cannot be signed. This means that an attacker can bypass your CDN cache by changing the `Width`, `Viewport-Width` or `DPR` HTTP headers. Keep this in mind when configuring your production caching setup.
+**⚠️ Warning:** Headers cannot be signed. This means that an attacker can bypass your CDN cache by changing the `Width` or `DPR` HTTP headers. Keep this in mind when configuring your production caching setup.
 
 ## Video thumbnails
 

+ 10 - 6
options/processing_options.go

@@ -1087,17 +1087,21 @@ func defaultProcessingOptions(headers http.Header) (*ProcessingOptions, error) {
 	}
 
 	if config.EnableClientHints {
-		if headerDPR := headers.Get("DPR"); len(headerDPR) > 0 {
+		headerDPR := headers.Get("Sec-CH-DPR")
+		if len(headerDPR) == 0 {
+			headerDPR = headers.Get("DPR")
+		}
+		if len(headerDPR) > 0 {
 			if dpr, err := strconv.ParseFloat(headerDPR, 64); err == nil && (dpr > 0 && dpr <= maxClientHintDPR) {
 				po.Dpr = dpr
 			}
 		}
-		if headerViewportWidth := headers.Get("Viewport-Width"); len(headerViewportWidth) > 0 {
-			if vw, err := strconv.Atoi(headerViewportWidth); err == nil {
-				po.Width = vw
-			}
+
+		headerWidth := headers.Get("Sec-CH-Width")
+		if len(headerWidth) == 0 {
+			headerWidth = headers.Get("Width")
 		}
-		if headerWidth := headers.Get("Width"); len(headerWidth) > 0 {
+		if len(headerWidth) > 0 {
 			if w, err := strconv.Atoi(headerWidth); err == nil {
 				po.Width = imath.Scale(w, 1/po.Dpr)
 			}
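Review bot: The width hint is accepted with no range check: `strconv.Atoi(headerWidth)` only tests `err == nil`, so a negative or very large `Sec-CH-Width`/`Width` value flows into `po.Width`, while the DPR branch just above bounds its value with `dpr > 0 && dpr <= maxClientHintDPR`. Because these headers are unsigned client input, I would mirror that guard, e.g. `if w, err := strconv.Atoi(headerWidth); err == nil && w > 0 {`, and add an upper bound if nothing downstream caps the result (not visible in this hunk). A present but unparsable `Sec-CH-DPR` or `Sec-CH-Width` also shadows a valid legacy header now, since the fallback triggers only on an empty value; a short comment stating that precedence would help. The diffstat shows no test additions, so the new `Sec-CH-*` paths and the fallback appear to be uncovered. defaultProcessingOptions starts and ends outside the hunk.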

+ 0 - 34
options/processing_options_test.go

@@ -439,40 +439,6 @@ func (s *ProcessingOptionsTestSuite) TestParsePathWidthHeaderRedefine() {
 	require.Equal(s.T(), 150, po.Width)
 }
 
-func (s *ProcessingOptionsTestSuite) TestParsePathViewportWidthHeader() {
-	config.EnableClientHints = true
-
-	path := "/plain/http://images.dev/lorem/ipsum.jpg@png"
-	headers := http.Header{"Viewport-Width": []string{"100"}}
-	po, _, err := ParsePath(path, headers)
-
-	require.Nil(s.T(), err)
-
-	require.Equal(s.T(), 100, po.Width)
-}
-
-func (s *ProcessingOptionsTestSuite) TestParsePathViewportWidthHeaderDisabled() {
-	path := "/plain/http://images.dev/lorem/ipsum.jpg@png"
-	headers := http.Header{"Viewport-Width": []string{"100"}}
-	po, _, err := ParsePath(path, headers)
-
-	require.Nil(s.T(), err)
-
-	require.Equal(s.T(), 0, po.Width)
-}
-
-func (s *ProcessingOptionsTestSuite) TestParsePathViewportWidthHeaderRedefine() {
-	config.EnableClientHints = true
-
-	path := "/width:150/plain/http://images.dev/lorem/ipsum.jpg@png"
-	headers := http.Header{"Viewport-Width": []string{"100"}}
-	po, _, err := ParsePath(path, headers)
-
-	require.Nil(s.T(), err)
-
-	require.Equal(s.T(), 150, po.Width)
-}
-
 func (s *ProcessingOptionsTestSuite) TestParsePathDprHeader() {
 	config.EnableClientHints = true
 

+ 1 - 1
processing_handler.go

@@ -49,7 +49,7 @@ func initProcessingHandler() {
 	}
 
 	if config.EnableClientHints {
-		vary = append(vary, "DPR", "Viewport-Width", "Width")
+		vary = append(vary, "Sec-CH-DPR", "DPR", "Sec-CH-Width", "Width")
 	}
 
 	headerVaryValue = strings.Join(vary, ", ")
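Review bot: The `Vary` list built here has to match exactly the headers read in `defaultProcessingOptions` (options/processing_options.go), and nothing in the code ties the two together; a header that is read but not listed would let a shared cache serve a variant sized for a different client. I would add a comment on the append, e.g. `// Keep in sync with the client-hint headers read in defaultProcessingOptions.`, or derive both places from one shared slice. This commit does keep them aligned (`Sec-CH-DPR`, `DPR`, `Sec-CH-Width`, `Width`), so the point is about keeping it that way. The warning in docs/configuration.md still names only `Width` and `DPR`, although the `Sec-CH-` variants now affect the output and the cache key as well. initProcessingHandler starts before the hunk and its end is not visible.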