Contrib.social

Support Bucket owner enforced (recommended)

Open on Drupal.org β†’
Created on 22 December 2021, over 3 years ago
Updated 19 January 2024, about 1 year ago

Problem/Motivation

AWS now recommends disabling ACL for buckets. Any request made with changes to ACL (e.g. setting) will result in an error.

https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-owner...

Steps to reproduce

Create a bucket with "Support Bucket owner enforced (recommended)" and validate configuration (via /admin/config/media/s3fs/actions).

Proposed resolution

Provide a checkbox to skip all ACL operations. Users using "Support Bucket owner enforced" should then check this.

Remaining tasks

WIP patch

User interface changes

New checkbox in /admin/config/media/s3fs

API changes

NA (I hope)

Data model changes

NA (I hope)

✨ Feature request
Status

Active

Version

3.0

Component

Code

Created by

πŸ‡ΈπŸ‡¬Singapore squall3d

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment about 1 year ago β†’
    πŸ‡¬πŸ‡§United Kingdom shenzhuxi

    I don't think $settings['s3fs.upload_as_private'] = TRUE is sufficient now. With this setting, all the public files, included aggregated js/css, need the token to have permission to be accessed. Users need to set up "Presigned URLs" and timing cache to make the public files accessible. It won't work with Drupal 10 because https://www.drupal.org/project/drupal/issues/3027639 πŸ“Œ Make css/js optimized assets path configurable Fixed .

    I think this module should allow read access to public directory without the requirement of the token, so users can simply change the new $settings['file_public_base_url'] in Drupal 10.

  • Comment about 1 year ago β†’
    πŸ‡ΊπŸ‡ΈUnited States cmlara

    It won't work with Drupal 10 because https://www.drupal.org/project/drupal/issues/3027639 πŸ“Œ Make css/js optimized assets path configurable Fixed .

    That config option is only relevant for the assets:// scheme, which is not currently supported by s3fs. My current suggestion is we do not add support for assets:// as it is heavily tied to core and is stateless safe, see ✨ Add support for s3fs to use the assets:// stream wrapper Postponed .

    Users need to set up "Presigned URLs" and timing cache to make the public files accessible.

    That is one option, another (IMHO better) option is that the S3 Bucket Access Policy be configured to allow public access for the public paths in the bucket. Ive also heard of CDN's being able to use authenticated access to feed the public path. This is (lightly) noted in the README file.

    I think this module should allow read access to public directory without the requirement of the token, so users can simply change the new $settings['file_public_base_url'] in Drupal 10.

    $settings['file_public_base_url'] is used by the core public:// and its derivative scheme to change its base URL. in s3fs we do offer the CNAME configuration option that accomplishes the same feature to change the host a bucket is refereed to, though a feature request could be made for s3fs to use $settings['file_public_base_url'] as an override for the public:// s3fs scheme if that is what you are looking for, that isn't tied to Bucket Owner Enforced support.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024