Open ankitsabharwal opened 4 years ago
Still seeing this in the latest 1.6 release. Unable to set security permissions to our S3 buckets and use Cloudfront distributions because of this issue.
Not sure if I am missing something here. Any help will be appreciated. Thank you!
Version information
Description
Images are uploaded on S3 with visibility set to 'public' by default even though visibility setting is not made in the config file as shown above
Steps To Reproduce
Steps to reproduce the behavior:
Expected behavior
As the visibility config is not set to 'public' images uploaded by default should not be granted public access. Note: This is not happening for other file types. On uploading pdf files or using the media picker this is working fine. Only, while using the Image formfield in Voyager I am facing this issue.
Additional context
On digging deeper, I saw that while writing the image objects the visibility object has been set to 'public'. On changing this to 'private' the images uploaded are not granted any public access.
https://github.com/the-control-group/voyager/blob/cbf9ceed421e6153323f659d502b5694b16c0b3b/src/Http/Controllers/ContentTypes/Image.php#L59
Also, this throws access denied error when I have blocked public access to the S3 bucket. As images are being uploaded with public access by default if the S3 bucket has 'Block All Public Access' as On, there are access denied errors as expected because Voyager is trying to write objects with 'public' visiblity.
This works perfectly fine while uploading pdf files. Pdf files uploaded through voyager are not granted public access and hence are uploaded successfully without the need of granting public access to the entire bucket (which cannot be given in my usecase)
Am I missing something here? Any help would be appreciated.