Using a external CDN for Phabricator static content?
OpenPublic
Actions

Asked by • panc.marko on Sep 9 2016, 9:16 AM.

Details

How wise it is to CDN-ize your static phabricator content. By first look all the static links (hosting the repos) look as follows:

https://<PHAB-URL>/file/data/<RAND1>/PHID-FILE-<RAND2>/<FILENAME>

Which gives a really high entropy.

Are there any security implications we should be aware of?

See T10262 for historical discussion - there's not such high entropy as it looks at first (The random things are constant per-file).
If you set up an "Alternate File Domain", the static resources will be automatically served from it - see https://secure.phabricator.com/book/phabricator/article/configuring_file_domain/ for details.