mirror of
https://github.com/discourse/discourse.git
synced 2025-02-25 18:55:32 -06:00
FEATURE: allow S3 ACLs to be disabled (#21769)
AWS recommends running buckets without ACLs, and to use resource policies to manage access control instead. This is not a bad idea, because S3 ACLs are whack, and while resource policies are also whack, they're a more constrained form of whack. Further, some compliance regimes get antsy if you don't go with the vendor's recommended settings, and arguing that you need to enable ACLs on a bucket just to store images in there is more hassle than it's worth. The new site setting (s3_use_acls) cannot be disabled when secure uploads is enabled -- the latter relies on private ACLs for security at this point in time. We may want to reexamine this in future.
This commit is contained in:
Matt Palmer
GitHub
@@ -1450,6 +1450,8 @@ files:
|
||||
regex: '^https?:\/\/.+[^\/]$'
|
||||
s3_configure_tombstone_policy:
|
||||
default: true
|
||||
s3_use_acls:
|
||||
default: true
|
||||
enable_s3_inventory:
|
||||
default: false
|
||||
s3_configure_inventory_policy:
|
||||
|
||||
Reference in New Issue
Block a user