Securing file upload - Need Help!

These are presigned URLs, meaning that specific link expires in a certain amount of time and is public, but it took someone private that has access to be able to generate that link in the first place.

Try clicking that previous link now, it says it has expired. If you try to view the file again from inside your app/editor you’ll notice the link it different, it generated a new one that will expire soon too.

Perhaps what you’re chasing is a S3 bucket policy that only lets someone view it if they are being referred from your app’s domain (they clicked a link from your app only), that would require your own S3 bucket and you would upload directly to it (plugin required)

1 Like