签名/过期/访问密钥ID出现在URL参数中。 的Django /宝途/ S3

Question

Thumbnail URLS have params in them. I'm not sure why. I think they related to sorl-thumbnail or boto storage we're using. How do I remove the additional params from the URL? Are they coming from boto/s3 or sorl. I've no idea how to debug.

Answer 1

使用：AWS_QUERYSTRING_AUTH = False

Answer 2

The extra parameters that are being added are there to implement Query String Authentication . This allows you to pre-sign the URL to private resources stored in S3. As long as someone has the pre-signed URL (and it hasn't expired) they will be able to access these resources even though they are not publicly readable.

Without the extra parameters, there is no way to provide public access to these private S3 resources.

Answer 3

Works for me: AWS_QUERYSTRING_AUTH = False

using this https://github.com/mstarinteractive/django-s3storage

from myapp.s3storage import S3BotoStorage
from django.contrib.staticfiles.storage import CachedFilesMixin


class CachedStaticS3BotoStorage(CachedFilesMixin, S3BotoStorage):

    """Extends S3BotoStorage to save static files with hashed filenames."""
    pass
StaticRootS3BotoStorage = lambda: CachedStaticS3BotoStorage(location='static')

Answer 4

It's weird behaviour: Google Docs previewer will work and display a preview without the parameters, but will say no preview available if boto appends the signature.

<iframe src="{% trans "https://docs.google.com/viewer?embedded=true&amp;url=" %}{{ document.file.url }}" width="451" height="390" style="border: none;"></iframe>

I must be missing something.