Wildcard in Secure Tokens


When delivering thousands of secured files to the same client, having to send thousands of secure token gets cumbersome and slow. Being able to make one token with a wildcard in, than can be used for all these requests, would be very powerful.

CDNs I know have this:

  • Amazon Cloudfront
  • EdgeCast
  • Fastly allows something similar by using a custom VCL

MaxCDN has it on their roadmap.

While we’re at it, it would be wonderful if the secure tokens were also at least HMAC-SHA1 instead of the broken md5 :slightly_smiling:


Thanks for outlining your situation. We will evaluate that feature. Check out our blog for new features.


+1 for the wildcard. a variant of this would be to specify a folder name (static) or folder depth for the token, rather than the full path.

eg folder name might be /images/secure/. Any images in that folder can use the same token.

or if you have per user folders, eg


then being able to specify a folder depth of 3 (or a path of //images/secure, or ///) would be awesome


We’d also be happy campers if this could be implemented.