Overrides
Overrides let you tweak a transform for a single img() call without minting a new preset name. With @rendorix/client, you pass the same transform fields the wire uses—w, h, f, q—on the options object; they are merged on top of the resolved preset (later keys win).
rx.img("photos/cover.jpg", { preset: "hero", w: 960 });// Merged transform uses w=960, other fields from "hero" unless also overriddenThere is no separate dpr field in the official client: if you need retina dimensions, set w / h explicitly in app code (e.g. w: baseW * 2 for a 2x slot). Custom dpr= query params are only relevant if your stack implements them in the signer and edge—not part of the default Node canonical set.
Every extra parameter that appears on the signed URL must be included in the HMAC input in sorted order—see Generating image URLs.
Precedence
Section titled “Precedence”@rendorix behavior: preset is resolved first, then inline w / h / f / q override matching keys. ttl only affects exp, not the transform merge.
For bespoke infrastructure, document one policy (preset wins, override wins, or clamp) and make server and edge match.
Allowlists and bounds
Section titled “Allowlists and bounds”The client validates w / h (1…4096), q (1…100), and allowed f values before signing—fail before you emit a bad URL. The edge should re-validate or trust the signature only for signed parameters.
| Concern | Practice |
|---|---|
| Unknown query keys | Reject at edge if you allow manual URLs; the client only emits known keys |
| Huge dimensions | Clamp in policy; abuse burns Lambda cost |
| Preset + override conflict | Define behavior (e.g. avatar is always square—ignore h if wrong) |
Abuse prevention
Section titled “Abuse prevention”- Unbounded user-controlled
w/hin any path (even with signing) can create infinite cache variants and cost—clamp in the client and edge. - Signing is not a rate limit; add WAF / throttling for abusive IPs if needed.