Generally speaking, to prevent theft and enable anti-leeching, putting the authentication on the CDN will reduce the storage pressure on the Qiniu source station. If it is a static image of the website, it cannot be said to be a token that is valid for one hour. In this way, the expiration time is very short. In view of the difficulties encountered by the poster, I personally recommend binding a custom domain name and configuring the referer to prevent hotlinking, so that it can only be opened on your own web page. If you feel that there is still a risk of fraud on the page, you can submit a work order to https://support.qiniu.com/ to apply for anti-attack policy configuration.
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
Generally speaking, to prevent theft and enable anti-leeching, putting the authentication on the CDN will reduce the storage pressure on the Qiniu source station. If it is a static image of the website, it cannot be said to be a token that is valid for one hour. In this way, the expiration time is very short. In view of the difficulties encountered by the poster, I personally recommend binding a custom domain name and configuring the referer to prevent hotlinking, so that it can only be opened on your own web page. If you feel that there is still a risk of fraud on the page, you can submit a work order to https://support.qiniu.com/ to apply for anti-attack policy configuration.