Closed madmatt closed 7 years ago
Never mind, I tried this but this still means that you need to allow anonymous access to protected files (even if only for a short period of time).
Instead, 0.2.0 has switched to reading the contents of the file from S3 and outputting it via the web server (a more secure, albeit less performant workaround).
v0.2.0 will support using S3 pre-signed URLs, but these by default can only be made available on a time-based expiry, and we don't have any easy way of working out whether a previously-generated URL is still valid or not so the module generates a new one every time.
At the expense of memory and processing time, when the file is requested we could instead stream the data down. This would be more secure (only allowing files via a controller directly) and less dependent on AWS.
This would probably be opt-in via configuration, as some files might not be worth streaming down (e.g. large files).