89
Modify or allow for private/secured files
in progress
a
aksdevac
Allow uploading private files for Providers(S3, Google Cloud) which supports it.
Allow sharing private files using signed url with expiry time.
Add ACL support for files.
Some kind of folder support.
Currently we need to make S3 bucket public for reading.
Also It will make media library more useful & it will add more security to uploaded files, currently a person who knows the URL can share it with anyone in unrestricted manner. so it can't be used for user's file which only user & some limited people can see & share.
Activity Feed
Sort by
Derrick Mehaffy
in progress
Currently WIP in PR: https://github.com/strapi/strapi/pull/15773
Kohi
Big need for this. Using Strapi as a CMS for webcomics, we absolutely need a level of access control on comic page images.
Derrick Mehaffy
candidate
Ian
any news?
P
Paul Martin
Strapi is not usable for us without this feature. Leaving the contents of our Google storage bucket public for reading is not an option. It's not just that someone with the URL can share it - anything public on the internet will be found by someone looking hard enough. People scan Google IP space for instance. Hope you implement this soon!
Daniel Duckworth
The Supabase storage API has a method that might be relevant.
Public and Private Buckets
Storage buckets are private by default.
For private buckets, you can access objects via the download method. This corresponds to /object/auth/ API endpoint. Alternatively, you can create a publicly shareable URL with an expiry date using the createSignedUrl method which calls the /object/sign/ API.
Moritz Lübken
This needs to be implemented. Leaving the uploads exposed is an absolute no-go. Can't use Strapi this way.
Sharanjit Singh
We need this, as this will end up allowing an attacker can upload any file to the server
T
Torinagrippa
Secure files is a non-negotiable for enterprises. I hope you guys do this soon!
C
Carlos
We need this for sure!
Load More
→