summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrew Godwin2022-12-01 09:43:36 -0700
committerAndrew Godwin2022-12-01 09:43:36 -0700
commit4344fdad9a16e1b8febf03479615a0f2d0fae07e (patch)
treeac298809afeb472478c163d48ada413aa9defc5a
parent676dda0cb666d4953de9a6e62dbb53ec93c759f3 (diff)
downloadtakahe-4344fdad9a16e1b8febf03479615a0f2d0fae07e.tar.gz
takahe-4344fdad9a16e1b8febf03479615a0f2d0fae07e.tar.bz2
takahe-4344fdad9a16e1b8febf03479615a0f2d0fae07e.zip
Update S3 to use world-readable files
-rw-r--r--docs/installation.rst7
-rw-r--r--takahe/settings.py2
2 files changed, 7 insertions, 2 deletions
diff --git a/docs/installation.rst b/docs/installation.rst
index 662a980..e4c0878 100644
--- a/docs/installation.rst
+++ b/docs/installation.rst
@@ -84,9 +84,12 @@ be provided from the first boot.
fully-qualified URL prefix that serves that directory.
* If it is set to ``gcs://``, it must be in the form ``gcs://bucket-name``
- (note the two slashes if you just want a bucket name)
+ (note the two slashes if you just want a bucket name). Your bucket must
+ be set to world-readable and have individual object permissions disabled.
- * If it is set to ``s3://``, it must be in the form ``s3://access-key:secret-key@endpoint-url/bucket-name``
+ * If it is set to ``s3://``, it must be in the form
+ ``s3://access-key:secret-key@endpoint-url/bucket-name``. Your bucket must
+ permit publically-readable files to be uploaded.
* ``TAKAHE_MAIN_DOMAIN`` should be the domain name (without ``https://``) that
will be used for default links (such as in emails). It does *not* need to be
diff --git a/takahe/settings.py b/takahe/settings.py
index 2dc4ffa..288ecca 100644
--- a/takahe/settings.py
+++ b/takahe/settings.py
@@ -304,6 +304,8 @@ if SETUP.MEDIA_BACKEND:
elif parsed.scheme == "s3":
DEFAULT_FILE_STORAGE = "storages.backends.s3boto3.S3Boto3Storage"
AWS_STORAGE_BUCKET_NAME = parsed.path.lstrip("/")
+ AWS_QUERYSTRING_AUTH = False
+ AWS_DEFAULT_ACL = "public-read"
if parsed.username is not None:
AWS_ACCESS_KEY_ID = parsed.username
AWS_SECRET_ACCESS_KEY = urllib.parse.unquote(parsed.password)