This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
Accessing direct asset still works with Storage Asset Presets on Presets only #8882
Closed
3 tasks done
Preflight Checklist
Describe the Bug
With the Storage Asset Presets setting set on Presets only, we can still access an URL like
https://api.site.tld/assets/5dc1ea10-233b-449f-8d6b-bee77af038fe
, allowing to see the original uploaded file. This could be an issue, especially for full size images that we would like to protect?I know it is not the safest way to leave large size images on the internet, but at least that would be cool to disable this direct link without a
key
parameter in order to protect this "full size" file? If not, is there a way to restrict it on the front-end side with Caddy or Nginx?Just an idea.
To Reproduce
Just access an asset url like
api.site.tld/assets/5dc1ea10-233b-449f-8d6b-bee77af038fe
without anykey
parameterErrors Shown
No response
What version of Directus are you using?
9.0.0-rc.98
What version of Node.js are you using?
14.18.0
What database are you using?
MySQL
What browser are you using?
Brave
What operating system are you using?
macOS Big Sur (11)
How are you deploying Directus?
Locally and Docker
The text was updated successfully, but these errors were encountered: