From 4344fdad9a16e1b8febf03479615a0f2d0fae07e Mon Sep 17 00:00:00 2001 From: Andrew Godwin Date: Thu, 1 Dec 2022 09:43:36 -0700 Subject: Update S3 to use world-readable files --- docs/installation.rst | 7 +++++-- takahe/settings.py | 2 ++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/docs/installation.rst b/docs/installation.rst index 662a980..e4c0878 100644 --- a/docs/installation.rst +++ b/docs/installation.rst @@ -84,9 +84,12 @@ be provided from the first boot. fully-qualified URL prefix that serves that directory. * If it is set to ``gcs://``, it must be in the form ``gcs://bucket-name`` - (note the two slashes if you just want a bucket name) + (note the two slashes if you just want a bucket name). Your bucket must + be set to world-readable and have individual object permissions disabled. - * If it is set to ``s3://``, it must be in the form ``s3://access-key:secret-key@endpoint-url/bucket-name`` + * If it is set to ``s3://``, it must be in the form + ``s3://access-key:secret-key@endpoint-url/bucket-name``. Your bucket must + permit publically-readable files to be uploaded. * ``TAKAHE_MAIN_DOMAIN`` should be the domain name (without ``https://``) that will be used for default links (such as in emails). It does *not* need to be diff --git a/takahe/settings.py b/takahe/settings.py index 2dc4ffa..288ecca 100644 --- a/takahe/settings.py +++ b/takahe/settings.py @@ -304,6 +304,8 @@ if SETUP.MEDIA_BACKEND: elif parsed.scheme == "s3": DEFAULT_FILE_STORAGE = "storages.backends.s3boto3.S3Boto3Storage" AWS_STORAGE_BUCKET_NAME = parsed.path.lstrip("/") + AWS_QUERYSTRING_AUTH = False + AWS_DEFAULT_ACL = "public-read" if parsed.username is not None: AWS_ACCESS_KEY_ID = parsed.username AWS_SECRET_ACCESS_KEY = urllib.parse.unquote(parsed.password) -- cgit v1.2.3