
Overview

When integrating Palazzo into your application, follow these security best practices to protect your users and ensure a safe experience.

URL Validation

Image URL Security

Always validate image URLs before passing them to Palazzo to prevent malicious content or security vulnerabilities.

// Returns true only for http(s) URLs whose path ends in a known image extension.
const isValidImageUrl = (url) => {
  try {
    // new URL() throws on anything that is not an absolute, well-formed URL.
    const parsed = new URL(url);

    // Reject javascript:, data:, file: and any other non-web scheme.
    if (!['http:', 'https:'].includes(parsed.protocol)) {
      return false;
    }

    // Coarse filter on the path suffix (query and fragment are not considered);
    // it does not verify what the server actually serves.
    const validExtensions = ['.jpg', '.jpeg', '.png', '.webp'];
    const hasValidExtension = validExtensions.some(ext =>
      parsed.pathname.toLowerCase().endsWith(ext)
    );

    return hasValidExtension;
  } catch {
    return false;
  }
};

// userInput is the raw, user-provided string (for example from a form field).
const imageUrl = userInput.trim();
if (isValidImageUrl(imageUrl)) {
  // Encode the URL so it survives as a single query parameter value.
  window.location.href = `https://app.palazzo.ai/?image_url=${encodeURIComponent(imageUrl)}`;
}

Best Practices

  • Validate URLs: Always validate and sanitize user-provided URLs
  • Use HTTPS: Ensure image URLs use HTTPS protocol for secure transmission
  • Encode Parameters: Use encodeURIComponent() to properly encode URL parameters
  • Whitelist Domains: Consider whitelisting trusted domains for image sources
  • File Type Validation: Verify that URLs point to valid image file types
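As an added example that is not part of the Palazzo documentation, the validator above extended with the domain whitelist the list recommends; the trusted host names in TRUSTED_IMAGE_HOSTS are constructed for illustration:

```javascript
// Added example, not Palazzo's own code. TRUSTED_IMAGE_HOSTS is a constructed
// allowlist; replace it with the hosts your application actually serves images from.
const TRUSTED_IMAGE_HOSTS = ['cdn.example.com', 'images.example.com'];
const VALID_EXTENSIONS = ['.jpg', '.jpeg', '.png', '.webp'];

// True when hostname is an allowlisted host or a subdomain of one. Comparing the
// parsed hostname (not a substring of the raw string) rejects lookalikes such as
// "cdn.example.com.attacker.test" and "cdn.example.com@attacker.test".
const isTrustedHost = (hostname, allowlist = TRUSTED_IMAGE_HOSTS) =>
  allowlist.some(h => hostname === h || hostname.endsWith('.' + h));

const isAllowlistedImageUrl = (url, allowlist = TRUSTED_IMAGE_HOSTS) => {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return false;                                         // not a well-formed absolute URL
  }
  if (parsed.protocol !== 'https:') return false;         // HTTPS only
  if (parsed.username || parsed.password) return false;   // no embedded credentials
  if (parsed.port !== '') return false;                   // default port only
  if (!isTrustedHost(parsed.hostname.toLowerCase(), allowlist)) return false;
  // Extension check on the path only; a query string cannot fake ".png".
  return VALID_EXTENSIONS.some(ext => parsed.pathname.toLowerCase().endsWith(ext));
};

// Builds the Palazzo URL from an allowlisted image URL; returns null otherwise so
// the caller can show an error instead of redirecting. URLSearchParams encodes
// the value, so ':' and '/' cannot break the query string.
const buildPalazzoUrl = (imageUrl, allowlist = TRUSTED_IMAGE_HOSTS) => {
  if (!isAllowlistedImageUrl(imageUrl, allowlist)) return null;
  const params = new URLSearchParams({ image_url: imageUrl });
  return `https://app.palazzo.ai/?${params.toString()}`;
};
```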

Data Privacy

User Data Protection

  • No Sensitive Data: Avoid including sensitive information in URL parameters
  • Image Content: Ensure users consent to processing their uploaded images
  • Third-Party Images: Verify you have rights to use and process images from external sources

Example: Secure Parameter Handling

// Builds the Palazzo URL from a validated image URL and an optional SKU.
const generatePalazzoUrl = (imageUrl, sku) => {
  if (!imageUrl || !isValidImageUrl(imageUrl)) {
    throw new Error('Invalid image URL');
  }

  // SKU is restricted to letters, digits, underscore and hyphen
  // (hyphen placed last in the class so it is literal, not a range).
  if (sku && !/^[a-zA-Z0-9_-]+$/.test(sku)) {
    throw new Error('Invalid SKU format');
  }

  // URLSearchParams handles encoding of every parameter value.
  const params = new URLSearchParams();
  params.append('image_url', imageUrl);

  if (sku) {
    params.append('sku', sku);
  }

  return `https://app.palazzo.ai/?${params.toString()}`;
};

Integration Security

Implementation Checklist

  • Use HTTPS for all integrations
  • Validate all user inputs before passing to Palazzo
  • Implement proper error handling
  • Monitor integration usage for anomalies
  • Keep your instance configuration secure
  • Test integrations in a staging environment first

Production Deployment

When deploying to production:
  1. Test thoroughly: Verify all URL parameters work correctly
  2. Monitor usage: Track how users interact with the integration
  3. Handle errors gracefully: Provide clear feedback if integration fails
  4. Document permissions: Ensure proper user consent for image processing

Reporting Security Issues

If you discover a security vulnerability or have concerns, please contact our security team immediately at [email protected].