Hi Louis, Thank you for this amazing blog. It is very helpful.
Concerning the ORDS First Party Authentication (Apex-Session), do we need to set up something on ORDS for that to work?
I've spent a lot of time trying to make it work, but for some reason ORDS always returns a 401 Unauthorized error. (I can see in the POST request of my browser the HTTP header "apex-session" with the correct value, but ORDS rejects the request.)
I've tried using an ORDS OAUTH2 Token and it works properly.
Concerning the image storage, I'm not a big fan of storing blobs inside the database.
And I also think that there is a better approach to send the images to the storage location without using ORDS and overloading the database with blob handling.
The idea is to send the image directly from the client browser to Google Cloud Storage (or another cloud storage).
GCS provides a JSON API to "Initiate a resumable upload session" which returns a secure upload URL. We only need to define a PL/SQL Function to initiate an upload session on GCS using OAUTH2 to return an "upload url" to the client. That way, the GCS oauth token is not visible to the client, which is something we want to avoid to secure the bucket content.
The challenge here is to be able to dynamically set the upload url of the "CKEditor Simple upload adapter" by executing an AJAX Call to execute that PL/SQL function when the user picks an image... Another challenge is the successful response that the "CKEditor Simple upload adapter" is waiting for: { "url":"....." }. Maybe we would have to define a "Custom upload adapter".
Best Regards
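
The direct-to-GCS flow proposed in the comment above, sketched as an added example (not part of the original comment or the blog's code). `getUploadSession` is a hypothetical wrapper around the AJAX call to the PL/SQL function and is assumed to resolve to `{ uploadUrl, publicUrl }`; the session URL shape is assumed from the GCS JSON API.

```javascript
// Added example: CKEditor 5 custom upload adapter that PUTs the image
// straight to a GCS resumable-session URL. The OAuth2 token never reaches
// the browser; only the session URL does.
const GCS_HOST = 'storage.googleapis.com';

// Refuse to send the user's file anywhere except an https GCS resumable
// session for the expected bucket (URL shape assumed from the GCS JSON API).
function checkUploadUrl(raw, bucket) {
  const u = new URL(raw);
  const ok = u.protocol === 'https:' &&
    u.hostname === GCS_HOST &&
    u.pathname === `/upload/storage/v1/b/${bucket}/o` &&
    Boolean(u.searchParams.get('upload_id'));
  if (!ok) throw new Error('unexpected upload URL');
  return u.href;
}

class GcsUploadAdapter {
  // getUploadSession (hypothetical): wraps the AJAX call to the PL/SQL
  // function and resolves to { uploadUrl, publicUrl }.
  constructor(loader, getUploadSession, bucket, fetchImpl) {
    this.loader = loader;
    this.getUploadSession = getUploadSession;
    this.bucket = bucket;
    this.fetchImpl = fetchImpl || ((...a) => fetch(...a));
  }

  async upload() {
    const file = await this.loader.file; // CKEditor exposes the File as a promise
    const session = await this.getUploadSession(file.name, file.type);
    const url = checkUploadUrl(session.uploadUrl, this.bucket);
    this.controller = new AbortController();
    const res = await this.fetchImpl(url, {
      method: 'PUT',
      headers: { 'Content-Type': file.type },
      body: file,
      signal: this.controller.signal,
    });
    if (!res.ok) throw new Error(`GCS upload failed: ${res.status}`);
    // A custom adapter resolves with { default: url } instead of the
    // { "url": ... } JSON the Simple upload adapter reads.
    return { default: session.publicUrl };
  }

  abort() {
    if (this.controller) this.controller.abort();
  }
}
```

The adapter is registered with `editor.plugins.get('FileRepository').createUploadAdapter = loader => new GcsUploadAdapter(loader, getUploadSession, bucket)`, and the bucket's CORS configuration has to allow PUT from the page's origin.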