Office 365 Public CDN really anonymous accessible?

%3CLINGO-SUB%20id%3D%22lingo-sub-1105139%22%20slang%3D%22en-US%22%3EOffice%20365%20Public%20CDN%20really%20anonymous%20accessible%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1105139%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20everyone%2C%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20a%20bit%20confused%20with%20the%20Public%20CDN%20option.%20For%20my%20understanding%20if%20you%20setup%20a%20public%20cdn%20all%20the%20files%20that%20are%20allowed%20(IncludeFileExtensions%20CSS%2CEOT%2CGIF%2CICO%2CJPEG%2CJPG%2CJS%2CMAP%2CPNG%2CSVG%2CTTF%2CWOFF)%20are%20accessible%26nbsp%3Banonymous.%20This%20is%20also%20what%20is%20documented%20under%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fenterprise%2Fuse-office-365-cdn-with-spo%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fenterprise%2Fuse-office-365-cdn-with-spo%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20setup%20the%20public%20cdn%20for%20a%20custom%20library%20and%20uploaded%20a%20jpg%20file.%20I%20can%20see%20from%20developer%20tools%20the%20file%20is%20loaded%20via%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fpubliccdn.sharepointonline.com%2Feviadev.sharepoint.com%2Fsites%2FRechnungen%2Fcdntest%2Ftest.jpg%3Fwidth%3D1600%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fpubliccdn.sharepointonline.com%2F%3CMYTENANT%3E%2Fsites%2FSiteCollection%2Fcdntest%2Fmyfile.jpg%3Fwidth%3D1600%3C%2FMYTENANT%3E%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eif%20I%20browse%20the%20url%20while%20I'm%20authenticated%20it%20opens%20the%20file.%20If%20I%20browse%20the%20file%20while%20I'm%20not%26nbsp%3Bauthenticated%20it%20shows%20an%20access%20denied.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F165042i88ADDAF1BC17E6B0%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22publiccdn2.png%22%20title%3D%22publiccdn2.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20question%20is%2C%20are%20these%20files%20really%20accessible%20via%20Internet%20if%20I%20have%20the%20url%3F%20or%20what%20is%20definition%20of%20anonymous%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ekind%20regards%26nbsp%3B%20%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1105139%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECDN%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPublic%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%20Online%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1106414%22%20slang%3D%22en-US%22%3ERe%3A%20Office%20365%20Public%20CDN%20really%20anonymous%20accessible%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1106414%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F163232%22%20target%3D%22_blank%22%3E%40Benjamin%20Stierle%3C%2FA%3E%26nbsp%3B-%20how%20are%20you%20testing%20this%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you're%20just%20entering%20the%20address%20to%20the%20image%20directly%20in%20the%20browser%2C%20it%20won't%20work%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%22%3CSPAN%3EYou%20cannot%20test%20CDN%20URLs%20directly%20in%20a%20web%20browser%20because%20you%20must%20have%20a%20referer%20coming%20from%20SharePoint%20Online.%20However%2C%20if%20you%20add%20the%20CDN%20asset%20URL%20to%20a%20SharePoint%20page%20and%20then%20open%20the%20page%20in%20a%20browser%2C%20you%20will%20see%20the%20CDN%20asset%20rendered%20on%20the%20page.%22%20-%20from%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fenterprise%2Fuse-office-365-cdn-with-spo%23CDNConfirm%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Ethis%20Microsoft%20documentation%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Hi everyone, 

 

I'm a bit confused with the Public CDN option. For my understanding if you setup a public cdn all the files that are allowed (IncludeFileExtensions CSS,EOT,GIF,ICO,JPEG,JPG,JS,MAP,PNG,SVG,TTF,WOFF) are accessible anonymous. This is also what is documented under https://docs.microsoft.com/en-us/office365/enterprise/use-office-365-cdn-with-spo

 

I have setup the public cdn for a custom library and uploaded a jpg file. I can see from developer tools the file is loaded via https://publiccdn.sharepointonline.com/<mytenant>/sites/SiteCollection/cdntest/myfile.jpg?width=1600

 

if I browse the url while I'm authenticated it opens the file. If I browse the file while I'm not authenticated it shows an access denied. 

 

publiccdn2.png

 

 

My question is, are these files really accessible via Internet if I have the url? or what is definition of anonymous? 

 

kind regards   

1 Reply

Hi @Benjamin Stierle - how are you testing this?

 

If you're just entering the address to the image directly in the browser, it won't work:

 

"You cannot test CDN URLs directly in a web browser because you must have a referer coming from SharePoint Online. However, if you add the CDN asset URL to a SharePoint page and then open the page in a browser, you will see the CDN asset rendered on the page." - from this Microsoft documentation