S3: No presigned URLs for private buckets in Strapi v4.9.0

n2o · April 6, 2023, 3:02pm

Hello,

I tried to implement the new private s3 bucket support, which uploads my files as expected to an S3 Bucket at Scaleway. But when I want to access it, I do not get a presigned URL, which is why I can’t access the files.

The image is uploaded via the Strapi Admin Interface and the Thumbnail is broken, because the there is no public permission to access this files. Also, in the API response, there is no presigned URL.

How can I achieve that I get the presigned URLs via API and via the Admin panel?

Creating / deleting files works as expected via the Media Library. But accessing it is broken. Do you have any ideas? I am using the official aws-s3 plugin at the latest version.

{
upload: {
    config: {
      provider: "aws-s3",
      providerOptions: {
        s3Options: {
          accessKeyId: env("S3_ACCESS_KEY_ID"),
          secretAccessKey: env("S3_ACCESS_SECRET"),
          endpoint: env("S3_ENDPOINT"),
          params: {
            ACL: "private",
            signedUrlExpires: env("S3_SIGNED_URL_EXPIRES", 60 * 60 * 24 * 7),
            Bucket: env("S3_BUCKET"),
          },
        },
      },
    },
  },

}

The files are in the bucket.

System Information

Strapi Version: 4.9.0
Operating System: macOS 13.3
Database: sqlite
Node Version: v18.13.0
NPM Version: 8.19.3
Yarn Version: 1.22.19

EVANGELOS_MALLIDIS · April 11, 2023, 9:36am

I’m facing the same problem also with Bunny net. The urls for the thumbnails are broken.

n2o · April 19, 2023, 7:02am

Found the problem. I switched to a new bucket, where I wanted to test the encryption, but forgot to add it to the strapi::security directives. Here is the line in the official README: strapi/README.md at 28d82d333320d119ff5a3c6fae49d1d828e9bcb8 · strapi/strapi · GitHub

But this works only for the Media Library. All other references are still without the presigned URLs.

Long_Tran · April 23, 2023, 3:11pm

I confirm seeing the same issue. Media preview and linked admin content are showing presigned urls but when you hit /api/something?populate=* you will get bare unsigned urls which defeat the purpose of private buckets.

A discord thread is still active here Discord

Please fix asap, Strapi team. Thank you!

caenderl · May 2, 2023, 8:34am

Hi,
any update or solution on the presigned urls on content side?
Works fine in admin area but as you wrote, exposing the bare, unsigned urls makes no sense on a private bucket.

Thanks for any feedback.