Go Back HomeCreate Account

Security and Domain Restrictions

Tintage implements comprehensive security measures to protect users and ensure content safety across all video templates and rendering processes.

Overview

All external resources (images, CSS backgrounds, etc.) are subject to domain validation to prevent malicious content and ensure platform security. This system blocks unauthorized domains while allowing trusted sources.

Allowed Domains

The following domains are whitelisted and approved for use in Tintage templates:

Tintage Infrastructure

  • dklbe7bjw8h2k.cloudfront.net - Tintage's CloudFront CDN for hosting user assets

  • public-worker.tintage.workers.dev - Tintage's Cloudflare Workers for dynamic content

  • tintage-bucket.tintage.workers.dev - Tintage's video and asset storage bucket

  • tintage.com - Tintage's main domain and assets

Third-Party Services

  • images.unsplash.com - Unsplash image service for high-quality stock photos

  • images.pexels.com - Pexels free stock photos with commercial use license

  • cdn.pixabay.com - Pixabay free stock photos and vectors

Blocked Content

The following content types are automatically blocked:

Domain Restrictions

  • Unauthorized domains - Any domain not in the whitelist

  • Subdomains of blocked domains - Only exact matches and approved subdomains are allowed

  • IP addresses - Direct IP addresses are not permitted

Data URL Restrictions

  • Base64 data URLs - data:image/... and data;base64,... formats

  • SVG data URLs - data:image/svg+xml;base64,...

  • Any embedded content - All data URLs are blocked for security

Protocol Restrictions

  • Local file paths - file:// protocol URLs

  • Invalid URLs - Malformed or broken URLs

How Domain Validation Works

Real-Time Validation

Domain validation occurs at multiple stages:

  1. Template Editor - Images are validated as users add them

  2. Preview Generation - Content is checked during preview creation

  3. Video Rendering - Final validation before video generation

Validation Process

  1. URL Parsing - Extract domain from the provided URL

  2. Domain Matching - Check against whitelist (exact and subdomain matches)

  3. Content Blocking - Replace blocked content with placeholders

  4. User Notification - Show clear error messages for blocked content

What Happens When Content Is Blocked

In the Template Editor

  • Visual Indicator: Blocked images show "Blocked: Unauthorized domain" message

  • Styling: Dashed border and gray background to indicate blocked state

  • Console Warnings: Detailed logging for debugging

In CSS Backgrounds

  • URL Replacement: Blocked url() functions become url("") (transparent)

  • Silent Failure: CSS backgrounds fail gracefully without breaking layout

In Final Videos

  • Placeholder Content: Blocked images are replaced with error placeholders

  • Consistent Experience: Videos render successfully with blocked content indicators

Using Approved Image Sources

Tintage Image Uploader (Strongly Recommended)

For all custom images, we strongly recommend using Tintage's built-in image uploader. This is the easiest and most reliable method:

How to use:

  1. Click the image picker button in the template editor

  2. Upload your custom image through the interface

  3. The system automatically generates the correct CloudFront URL

  4. Your image is ready to use in templates

Learn more: For detailed instructions on using the template editor and image uploader, see Template Editor Guide and Getting Started with Templates.

Benefits:

  • ✅ Automatic optimization for video rendering

  • ✅ Fast global delivery via CloudFront CDN

  • ✅ Reliable hosting with guaranteed uptime

  • ✅ No external dependencies or broken links

  • ✅ Seamless integration with the template editor

  • ✅ No need to manually construct URLs

Unsplash Images

For high-quality stock photos:

<img data-type="image" 
     src="https://images.unsplash.com/photo-1506748686214-e9df14d4d9d0?ixlib=rb-4.0.3&auto=format&fit=crop&w=1080&h=1080&q=80" 
     alt="Stock photo" />

Benefits:

  • ✅ Professional quality

  • ✅ Wide variety of content

  • ✅ Free to use

  • ✅ Optimized for web

Tintage Domain Assets

For official Tintage assets:

<img data-type="image" 
     src="https://tintage.com/assets/logo.png" 
     alt="Tintage logo" />

CSS Background Images

CSS background images are also subject to domain validation:

Allowed CSS Backgrounds

background-image: url('https://dklbe7bjw8h2k.cloudfront.net/teams/team_ABC123/bg.png');
background-image: url('https://images.unsplash.com/photo-1234567890');
background-image: url('https://tintage.com/assets/pattern.png');

Blocked CSS Backgrounds

/* These will be blocked and become transparent */
background-image: url('data:image/png;base64,iVBORw0KGgo...');
background-image: url('https://malicious-site.com/image.png');
background-image: url('file:///local/path/image.png');

Security Benefits

Protection Against

  • Malicious Content - Prevents loading of harmful images

  • Data Exfiltration - Blocks attempts to load external tracking pixels

  • Performance Issues - Prevents slow-loading external resources

  • Content Injection - Stops unauthorized content from appearing in videos

User Safety

  • Consistent Experience - All content is from trusted sources

  • Reliable Rendering - No dependency on external services

  • Clear Feedback - Users know when content is blocked and why

Best Practices

For Template Creators

  1. Use Tintage's Uploader - Upload custom images through the built-in image uploader (strongly recommended)

  2. Leverage Unsplash - Use Unsplash for high-quality stock photos

  3. Test Early - Check image URLs in the editor before finalizing

  4. Provide Alternatives - Have backup images from approved sources

Resources: Learn more about template creation in our Template Editor Guide and Widget Reference.

For Users

  1. Use the Image Uploader - Upload custom images through Tintage's built-in uploader (recommended)

  2. Check Domain Status - Verify images are from approved domains

  3. Use Preset Images - Leverage the built-in image picker with approved sources

  4. Report Issues - Contact support if legitimate content is blocked

Need help? Check out our Getting Started Guide and Image Widget Documentation for detailed instructions.

Troubleshooting

Common Issues

"Blocked: Unauthorized domain" Message

Cause: Image URL is from a non-whitelisted domain

Solution:

  • Use Tintage's image uploader (strongly recommended for custom images)

  • Use images from approved domains only

  • Use Unsplash for stock photos

CSS Background Not Showing

Cause: Background image URL is blocked

Solution:

  • Check that the URL is from an approved domain

  • Replace with an approved image source

  • Use solid colors or gradients as alternatives

Image Shows Placeholder in Final Video

Cause: Image was blocked during rendering

Solution:

  • Verify the image URL is accessible and from approved domain

  • Test the URL in a browser

  • Replace with an approved image source

Getting Help

If you encounter legitimate content that's being blocked:

  1. Use Tintage's Uploader - Upload custom images through the built-in image uploader (recommended)

  2. Check the URL - Ensure it's from an approved domain

  3. Contact Support - Reach out if you believe content should be whitelisted

  4. Use Alternatives - Switch to approved image sources

Get Support: Need help? Contact our support team through Contact Support or check our FAQ for common questions.

Future Updates

The domain whitelist may be updated to include additional trusted services. Check this documentation for the latest approved domains and security policies.

Last updated: [Current Date] For the most current list of approved domains, check the template editor or contact support.

PreviousTemplate EditorNextTemplate Examples

Last updated