| Version | Supported |
|---|---|
| 1.0.x | ✅ |

If you discover a security vulnerability in this project, please report it privately by emailing the maintainer rather than creating a public issue.
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if known)
- We will acknowledge receipt within 24 hours
- We will provide a more detailed response within 72 hours
- We will work with you to validate and address the issue
This project requires:
- Flickr API Key: Used for image search
- Cloudflare API Token: For deployment (CI/CD only)
Important: Never commit these secrets to the repository. Use:
- `wrangler secret put` for production secrets
- `.dev.vars` for local development (ignored by git)
- GitHub Secrets for CI/CD workflows
The service implements IP-based rate limiting (60 requests/minute) to prevent abuse.
- Only Creative Commons licensed images are served
- SafeSearch is enabled for all Flickr queries
- Image metadata is stripped during processing
The service uses permissive CORS headers (Access-Control-Allow-Origin: *) for broad frontend compatibility. Consider restricting this in production if you know your domains.
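
One way to restrict CORS to known domains, as an added example that is not this project's own code. The origins, the function names and the `GET, OPTIONS` method list are assumptions for illustration; the helpers return plain header objects so they can be copied onto a Worker `Response`.

```javascript
// Constructed placeholder origins; replace with the frontends you actually serve.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://staging.example.com",
]);

// Returns the CORS headers to attach for a request's Origin header value.
// Hypothetical helper, not part of the project.
function corsHeadersFor(origin, allowed = ALLOWED_ORIGINS) {
  // Always vary on Origin so a shared cache never replays a response
  // carrying one origin's Access-Control-Allow-Origin to another origin.
  const headers = { Vary: "Origin" };
  if (typeof origin !== "string") return headers; // no Origin header sent

  let parsed;
  try {
    parsed = new URL(origin);
  } catch {
    return headers; // "null" or malformed Origin: no CORS grant
  }
  // Exact match on the serialized origin. Suffix or regex matching is what
  // lets look-alike hosts such as app.example.com.evil.test slip through.
  if (parsed.origin !== origin || !allowed.has(parsed.origin)) return headers;

  headers["Access-Control-Allow-Origin"] = parsed.origin;
  return headers;
}

// Answers an OPTIONS preflight: 204 with the grant, or 403 without it.
function preflightResponse(origin, allowed = ALLOWED_ORIGINS) {
  const headers = corsHeadersFor(origin, allowed);
  if (!("Access-Control-Allow-Origin" in headers)) {
    return { status: 403, headers };
  }
  headers["Access-Control-Allow-Methods"] = "GET, OPTIONS"; // assumption: read-only API
  headers["Access-Control-Max-Age"] = "86400";
  return { status: 204, headers };
}

// In a Worker fetch handler (sketch): read request.headers.get("Origin"),
// return preflightResponse(...) for OPTIONS, otherwise copy
// corsHeadersFor(...) onto the outgoing response headers.
```
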