secure_token_types
Defines MIME types that should receive secure tokens in NGINX.
Description
The secure_token_types directive specifies which MIME types will trigger the generation of secure tokens in NGINX, enabling the delivery of secure content through mechanisms like query strings or cookies. This directive is particularly useful for media files that require token-based access control.
You can define multiple MIME types by separating them with spaces. When the request's Content-Type matches one of the specified MIME types, the secure token module will generate a token to be embedded in either the request headers or the response, depending on the configuration. This is essential for serving dynamic content securely and ensuring that only authorized users can access protected resources.
Contexts in which secure_token_types can be used include http, server, and location, making it flexible for configuration at different levels of the server block. It's important to note that without specifying this directive, the module will not know which types of requests necessitate token generation, leading to potential security loopholes.
Config Example
http {
secure_token_types application/vnd.apple.mpegurl application/dash+xml video/f4m;
}Ensure MIME types are correctly specified as per the requirements of your application; mismatches may prevent token generation.
If no types are specified, secure tokens will not be generated, which could lead to unauthorized access to protected content.