You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
First off, thank you for the great library. Using S3 signed URLs is an awesome addition to Django S3 backed storage.
Secondly, I just wanted to put an idea out there. Sometimes we may not want all django-storages backed file uploads to use s3 pre-signed URLs, maybe some files require server processing, there are security issues with pre-signed URLs in some parts of the application, or maybe we just want to use it for large uploads only. Currently this can be accomplished by not registering the app in INSTALLED_APPS or creating a custom wrapper app that omits the widget patching magic:
class CustomS3FileConfig(S3FileConfig):
def ready(self):
from s3file.checks import storage_check
checks.register(storage_check, checks.Tags.security, deploy=True)
INSTALLED_APPS = [
...
"project.apps.app_name.apps.CustomS3FileConfig",
...
]
then a custom widget can be specified for only the fields that should use pre-signed URLs:
class DirectToS3FileWidget(S3FileInputMixin, widgets.ClearableFileInput):
pass
class CustomForm(forms.Form):
regular_file_upload= forms.FileField(widget=DirectToS3FileWidget)
presigned_file_upload = forms.FileField()
The first approach of not registering the app means it isn't in the app registry and doesn't include statics files. The second approach works fine but I was wondering if a setting that can turn off the widget patching magic might be a good idea? Something like:
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
First off, thank you for the great library. Using S3 signed URLs is an awesome addition to Django S3 backed storage.
Secondly, I just wanted to put an idea out there. Sometimes we may not want all django-storages backed file uploads to use s3 pre-signed URLs, maybe some files require server processing, there are security issues with pre-signed URLs in some parts of the application, or maybe we just want to use it for large uploads only. Currently this can be accomplished by not registering the app in
INSTALLED_APPSor creating a custom wrapper app that omits the widget patching magic:then a custom widget can be specified for only the fields that should use pre-signed URLs:
The first approach of not registering the app means it isn't in the app registry and doesn't include statics files. The second approach works fine but I was wondering if a setting that can turn off the widget patching magic might be a good idea? Something like:
Maybe there is a better way to do this but it seems having the ability to mix and match upload types would be a good feature.
Anyway, thanks again for your work on this library.
Beta Was this translation helpful? Give feedback.
All reactions