carrierwaveuploader / carrierwave

Classier solution for file uploads for Rails, Sinatra and other Ruby web frameworks
https://github.com/carrierwaveuploader/carrierwave
8.78k stars 1.65k forks

Add config to disable ACL in fog storage #2709

Closed stormsilver closed 5 months ago

stormsilver commented 8 months ago

Why?

AWS S3 used to use ACLs to control access to files. In recent times, AWS has moved away from this complicated permission model to one backed by the much-more-complicated (but widely used) IAM permission model. ACLs are now recommended against, and in fact new buckets created since April 2023 will have ACLs disabled by default.

This means that any upload to a newly-created bucket, and any upload to old buckets that have had ACLs disabled, will now fail with an error if the upload specifies an ACL.

CarrierWave always specifies an ACL.

Solution

Add a way to just not supply an ACL in the form of config.fog_acl = false. Since current versions of CarrierWave always specify an ACL, the default has been set to true to maintain backward compatibility, but since AWS now defaults to no ACL, the README has this value set to false.

Fixes #2664.

👀 I'm not familiar with Google's storage offering, but it appears they are in the same position according to #2634. However, I'm not sure if simply not setting Fog's public value is the right solution. If anyone who knows Google's product can confirm, that'd be bananas.

Attribution

I started with https://github.com/carrierwaveuploader/carrierwave/pull/2666. (Thank you @jalkoby!) However, it didn't cover every scenario. Please let me know if I should be doing something different to maintain attribution.
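Added example, not part of the pull request or of CarrierWave's code: a small Ruby model of the failure described above, showing which combinations of the ACL and public settings are rejected by a bucket with ACLs disabled. `build_put_headers` and `SimulatedBucket` are hypothetical names, and the mapping of the public flag to the `public-read` / `private` canned ACLs is an assumption.

```ruby
# Added illustration. build_put_headers and SimulatedBucket are hypothetical
# names, not CarrierWave or fog-aws APIs.
ACL_HEADER = "x-amz-acl"

# Headers for an upload given the two settings discussed above.
# fog_acl: true mirrors the "always specifies an ACL" behaviour;
# fog_acl: false sends no ACL header at all.
def build_put_headers(fog_public:, fog_acl: true)
  headers = { "Content-Type" => "application/octet-stream" }
  return headers unless fog_acl
  # Assumed mapping of the public flag to S3 canned ACLs.
  headers[ACL_HEADER] = fog_public ? "public-read" : "private"
  headers
end

# Toy model of S3 Object Ownership. "BucketOwnerEnforced" means ACLs are
# disabled: a PUT that names an ACL other than bucket-owner-full-control
# is rejected, while a PUT with no ACL succeeds.
class SimulatedBucket
  def initialize(object_ownership)
    @object_ownership = object_ownership
  end

  def put_object(headers)
    acl = headers[ACL_HEADER]
    acls_disabled = @object_ownership == "BucketOwnerEnforced"
    if acls_disabled && acl && acl != "bucket-owner-full-control"
      return { status: 400, code: "AccessControlListNotSupported" }
    end
    { status: 200, code: nil }
  end
end

# Try every setting combination against a legacy and a new-style bucket.
def upload_outcomes
  results = {}
  %w[ObjectWriter BucketOwnerEnforced].each do |ownership|
    bucket = SimulatedBucket.new(ownership)
    [true, false].product([true, false]).each do |fog_acl, fog_public|
      headers = build_put_headers(fog_public: fog_public, fog_acl: fog_acl)
      results[[ownership, fog_acl, fog_public]] = bucket.put_object(headers)[:status]
    end
  end
  results
end

upload_outcomes.each { |key, status| puts "#{key.inspect} => #{status}" }
```

With no ACL sent, the public flag no longer makes an object readable by anyone; on such buckets any public or cross-account read access has to be granted through the bucket policy or IAM.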