Forum Academy Marketplace Showcase Pricing Features

AWS S3 Storage. Public vs Private

So I’m trying to understand AWS S3.
Trying to send my images to my S3 database, where its more feasible to store lots of images than the standard Bubble storage.

a) am I correct that when you upload files to Bubble storage, its all public? I can’t see in any of the plugins the ability to select private, and I’m also able to view the images directly from a browser.

Is that the best practice?
I can understand the benefits of making it easier to work with, especially cross-platform.

b) so at the moment, a copy is being uploaded to bubble storage which is public, and another copy is being sent to my s3 which is private by default.

How do you guys deal with this situation usually?
I had always assumed Bubble storage was private by default (which with my newfound knowledge, I think I was wrong to assume so)

I need to GET the personal S3 URL, switch out the URL link, and allow bubble to GET images as required.

The best reference I can find is this thread, How to clone a file uploaded to Bubble S3 - #9 by james.puddicombe
But I think its referring to Bubble storage.

Whereas with private AWS storage, you have to deal with CORS or REST API with auth.

I hope this makes sense. Sorry I’m pretty new to all of this.

Get it to where? to the front-end DOM where a native img tag needs to fetch from remote S3 repo . No CORS here - code the img.src attr value w the url to the remote s3 bucket ( permissions == public ) . It should just work.

IMO CORS wont be an issue if you are fetching from server side ( a workflow or some bubbl-thing running server-side.

IF the fetch comes from client , then yes there is CORS but as long as the 3rd party server is config’d to run default CORS AND as long as you can set headers on the fetch request in the call from bubble, it will just work … dtl on last bit below -

On the client, note all the headers in use in the api connections call to S3 . For example if you have 3 diff headers then add a 4th header of type “Access-Control-Request-Headers” supplying a value enumerating the other 3 headers in use. On the Remote S3 w the default cors policy , it should be OK with any of the headers mentioned.

Server sample ( node express w CORS that just works )

app.use(cors())
...
app.options('/awsupl', cors());
app.post('/awsupl', cors(), function(req, resp, next) {

front end sample on bubble client Note “headers”

more tools → github repo - node tools 4 bubble

1 Like

wow! :clap: :clap: :clap: