From f77e196dc25c02ea882cd5d754cd6fd6a48c008a Mon Sep 17 00:00:00 2001
From: CrazyMax <1951866+crazy-max@users.noreply.github.com>
Date: Fri, 10 Oct 2025 15:23:49 +0200
Subject: [PATCH 1/2] update lambda to handle secure s3 bucket

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
---
 hack/releaser/cloudfront-lambda-redirects.js | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/hack/releaser/cloudfront-lambda-redirects.js b/hack/releaser/cloudfront-lambda-redirects.js
index e5996559201e..a214d7ee560c 100644
--- a/hack/releaser/cloudfront-lambda-redirects.js
+++ b/hack/releaser/cloudfront-lambda-redirects.js
@@ -52,5 +52,22 @@ exports.handler = (event, context, callback) => {
         return
     }
 
+    // Handle directory requests by appending index.html for requests without file extensions
+    let uri = request.uri;
+
+    // Check if the URI has a dot after the last slash (indicating a filename)
+    // This is more accurate than just checking the end of the URI
+    const hasFileExtension = /\.[^/]*$/.test(uri.split('/').pop());
+
+    // If it's not a file, treat it as a directory and append index.html
+    if (!hasFileExtension) {
+        // Ensure the URI ends with a slash before appending index.html
+        if (!uri.endsWith("/")) {
+            uri += "/";
+        }
+        uri += "index.html";
+        request.uri = uri;
+    }
+
     callback(null, request);
 };

From a17d653877d0fffc9b46d6df63a6df91e44d4125 Mon Sep 17 00:00:00 2001
From: CrazyMax <1951866+crazy-max@users.noreply.github.com>
Date: Fri, 10 Oct 2025 15:24:58 +0200
Subject: [PATCH 2/2] ci: don't set public acl when uploading files to s3
 bucket

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
---
 .github/workflows/deploy.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 75d7a729dde6..5cd10596325e 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -100,7 +100,6 @@ jobs:
         if: ${{ env.DOCS_S3_BUCKET != '' }}
         run: |
           aws --region ${{ env.DOCS_AWS_REGION }} s3 sync \
-            --acl public-read \
             --delete \
             --exclude "*" \
             --include "*.webp" \
@@ -109,7 +108,6 @@ jobs:
             --content-type="image/webp" \
             public s3://${{ env.DOCS_S3_BUCKET }}/
           aws --region ${{ env.DOCS_AWS_REGION }} s3 sync \
-            --acl public-read \
             --delete \
             --exclude "*.webp" \
             public s3://${{ env.DOCS_S3_BUCKET }}/