FEATURE: allow S3 ACLs to be disabled (#21769)

AWS recommends running buckets without ACLs, and using resource policies to manage access control instead.
This is not a bad idea, because S3 ACLs are whack, and while resource policies are also whack, they're a more constrained form of whack.
Further, some compliance regimes get antsy if you don't go with the vendor's recommended settings, and arguing that you need to enable ACLs on a bucket just to store images in there is more hassle than it's worth.
The new site setting (s3_use_acls) cannot be disabled when secure uploads is enabled -- the latter relies on private ACLs for security at this point in time. We may want to reexamine this in future.
Matt Palmer
2023-06-06 15:47:40 +10:00
committed by GitHub
parent d2ef490e9a
commit a98d2a8086
11 changed files with 103 additions and 13 deletions


@ -150,7 +150,13 @@ class UploadRecovery
old_key = key
key = key.sub(tombstone_prefix, "")
Discourse.store.s3_helper.copy(old_key, key, options: { acl: "public-read" })
Discourse.store.s3_helper.copy(
old_key,
key,
options: {
acl: SiteSetting.s3_use_acls ? "public-read" : nil,
},
)
end
next if upload_exists
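Review bot: the new `copy` call passes `acl: SiteSetting.s3_use_acls ? "public-read" : nil`, which sends an explicit `acl: nil` entry in the options hash whenever ACLs are disabled; unless `S3Helper#copy` strips nil values before handing the options to the AWS SDK, a nil ACL parameter is not the same as omitting the ACL and may be rejected by the client's parameter validation. Safer to drop the key entirely, e.g. `options: SiteSetting.s3_use_acls ? { acl: "public-read" } : {}`, or to have `S3Helper` compact its options. Since this same ternary is presumably repeated across the other changed files, a single helper on `S3Helper` that returns the default ACL options would keep the policy in one place and make the "ACLs disabled means no ACL header at all" behaviour easy to verify.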