Content Security Policy for AWS S3 is not working

System Information
  • Strapi Version: 4.5.1
  • Operating System: Dockerised Debian GNU/Linux 11 (bullseye)
  • Database: PostgreSQL
  • Node Version: v18.11.0
  • NPM Version: 8.19.2
  • Yarn Version: 1.22.19

I’ve set up strapi-provider-aws-s3. plugins.js and bucket policies are configured correctly. The link in the media content page works when used outside the page, so it’s the correct link. But the CSP for the page doesn’t allow me to view the thumbnail content.

I’ve configured middlewares.js exactly as in the instructions:

module.exports = [
  // ...
  {
    name: 'strapi::security',
    config: {
      contentSecurityPolicy: {
        useDefaults: true,
        directives: {
          'connect-src': ["'self'", 'https:'],
          'img-src': [
            "'self'",
            'data:',
            'blob:',
            'dl.airtable.com',
            'yourBucketName.s3.yourRegion.amazonaws.com',
          ],
          'media-src': [
            "'self'",
            'data:',
            'blob:',
            'dl.airtable.com',
            'yourBucketName.s3.yourRegion.amazonaws.com',
          ],
          upgradeInsecureRequests: null,
        },
      },
    },
  },
  // ...
];

Replacing bucket name and region name, obviously. But the CSP header never picks it up. It’s only ever the default CSP, which includes dl.airtable.com, but not my AWS S3 bucket.

I see other people have fixed their CSP problems by following the instructions for middlewares.js, but it’s not working for me.

Any clues from anyone?
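
Added example, not part of the original post: one way to check the symptom described above, i.e. whether the Content-Security-Policy header the server actually returns allows the bucket URL under img-src. The header strings, the file name in the URL and the page origin are constructed assumptions, and the matching is a simplified form of CSP source matching.

```javascript
// Added example. Simplified CSP source matching: ignores ports, paths, nonces and hashes.
function parseCsp(headerValue) {
  const directives = new Map();
  for (const part of headerValue.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

function sourceMatches(source, url, pageOrigin) {
  const s = source.toLowerCase();
  if (s === '*') return ['http:', 'https:'].includes(url.protocol);
  if (s === "'self'") return url.origin === pageOrigin;
  if (s.startsWith("'")) return false; // 'none' and other keywords never match a URL here
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s; // scheme source: data:, https:
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/); // host source, optional scheme
  if (!m) return false;
  const [, scheme, host] = m;
  if (scheme ? url.protocol !== `${scheme}:` : !['http:', 'https:'].includes(url.protocol)) return false;
  return host.startsWith('*.') ? url.hostname.endsWith(host.slice(1)) : url.hostname === host;
}

// True when img-src (or default-src as fallback) permits loading imageUrl.
function imgAllowed(headerValue, imageUrl, pageOrigin) {
  const directives = parseCsp(headerValue);
  const sources = directives.get('img-src') ?? directives.get('default-src');
  if (sources === undefined) return true; // no directive restricts images
  const url = new URL(imageUrl);
  return sources.some((src) => sourceMatches(src, url, pageOrigin));
}

// Constructed sample values (assumptions, not captured from a real server).
const PAGE_ORIGIN = 'http://localhost:1337';
const BUCKET_URL = 'https://yourBucketName.s3.yourRegion.amazonaws.com/thumbnail_example.png';
const HEADER_WITHOUT_BUCKET =
  "default-src 'self'; connect-src 'self' https:; img-src 'self' data: blob: dl.airtable.com";
const HEADER_WITH_BUCKET = `${HEADER_WITHOUT_BUCKET} yourBucketName.s3.yourRegion.amazonaws.com`;

console.log('header without bucket:', imgAllowed(HEADER_WITHOUT_BUCKET, BUCKET_URL, PAGE_ORIGIN));
console.log('header with bucket:   ', imgAllowed(HEADER_WITH_BUCKET, BUCKET_URL, PAGE_ORIGIN));
```

To use it against a running instance, replace the constructed header with the Content-Security-Policy value shown for the admin page response in the browser's network tab.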