Rendering strategies
Where you render HTML (and when you mint Rendorix URLs) changes ops and caching more than it changes the image pipeline itself. The edge still sees a normal GET; the question is whether those URLs were produced at build time, on each request, or per session on a server you control.
- Static — SSG / prerender: HTML and image URLs are fixed when you build (or when CI runs). Best when content and allowlists are known ahead of time.
- SSR — On-demand HTML: you sign and inject URLs per request or per user. Best when pages are personalized or links must stay short-lived.
Both require HMAC (or equivalent) to run in a trusted environment—never in the browser bundle (Usage).
Decision tree
Section titled “Decision tree”flowchart TB
q1{Does each visitor need a different set of image URLs?}
q2{Is all image metadata known when you run build or CI?}
ssrPath[Use SSR or hybrid]
staticPath[Use static or prerender]
q1 -->|no| q2
q1 -->|yes| ssrPath
q2 -->|yes| staticPath
q2 -->|no| ssrPath
Rule of thumb: If the only differences are A/B on copy and image list is the same for everyone, static is simpler. If who is logged in, entitlements, or per-user avatars change the URL set, you need a server in the path for signing (full SSR or a BFF that the static app calls for tokens or signed URLs only).
| Concern | Lean static | Lean SSR |
|---|---|---|
| Secret handling (HMAC) | In build/CI env | In server runtime env |
URL freshness (exp) | Rebuild to refresh | New URL every request if needed |
| HTML cacheability | Very cacheable at CDN | Harder if HTML is per-user |
| Operational surface | Build + deploy | Always-on runtime |
Shared guidance
Section titled “Shared guidance”- Never sign in the client — Use Generating image URLs from a build plugin, server module, or serverless function only.
- Match
expto your HTML lifecycle — TTL: a static page with a 1-hour signed URL in HTML can break images for anyone who keeps a tab open; static sites often use longer signed TTL and bust caches with deploys or versioned assets. - Optional hybrid — A static app can call a small API that returns a signed URL for a key; you still do not put the secret in the client.
- Framework pointers — Astro (static) and Astro (SSR) when those examples are filled in.
See also
Section titled “See also”- Usage: overview — flows by environment
- Tradeoffs — cost and complexity
- Core concepts: caching — CDN and browser behavior