Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Only allow downloads of submissions if user is logged in / correct referrer / etc #66

Open
ywwg opened this issue Mar 29, 2017 · 1 comment
Open

Only allow downloads of submissions if user is logged in / correct referrer / etc #66

ywwg opened this issue Mar 29, 2017 · 1 comment
Labels
bug priority:medium privacy

Comments

@ywwg
Copy link
Owner

ywwg commented Mar 29, 2017

Right now the urls are public, they really shouldn't be.
@Katee
Copy link

Katee commented Mar 30, 2017
edited
Loading

Usually in production environments I have files go directly from the client to S3. You have the server generate presigned posts which go directly to a bucket you control on S3 and then you do any processing required to those files on a queue worker. You can easily make the files on S3 private and required requests to view them to be signed.

Heroku has a guide on setting this up and I have done it for a few projects. If there is an AWS/S3 account we can use I am happy to set this up.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug priority:medium privacy
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Katee @ywwg