From acf6e8b34f9a4e5171568f9d55e0901d2dabc623 Mon Sep 17 00:00:00 2001
From: A Nomad
Date: Wed, 25 Mar 2026 22:08:43 +0100
Subject: [PATCH 1/4] acl private
---
 website/modules/@apostrophecms/uploadfs/index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/website/modules/@apostrophecms/uploadfs/index.js b/website/modules/@apostrophecms/uploadfs/index.js
index 7e9a2419..02071f3a 100644
--- a/website/modules/@apostrophecms/uploadfs/index.js
+++ b/website/modules/@apostrophecms/uploadfs/index.js
@@ -9,7 +9,7 @@ const uploadfsOptions = {
 storage: 's3',
 bucket: getEnv('APOS_S3_BUCKET'),
 region: getEnv('APOS_S3_REGION'),
- acl: process.env.APOS_S3_ACL || null,
+ acl: 'private',
 cdn: {
 enabled: true,
 url: getEnv('APOS_CDN_URL'),
From f66727f59b88221f6308cac41aeb0f7843c0fc96 Mon Sep 17 00:00:00 2001
From: Ihor Masechko
Date: Wed, 25 Mar 2026 23:45:24 +0200
Subject: [PATCH 2/4] fix(uploadfs): set S3 bucketObjectsACL to private by default
---
 website/modules/@apostrophecms/uploadfs/index.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/website/modules/@apostrophecms/uploadfs/index.js b/website/modules/@apostrophecms/uploadfs/index.js
index 02071f3a..95215b76 100644
--- a/website/modules/@apostrophecms/uploadfs/index.js
+++ b/website/modules/@apostrophecms/uploadfs/index.js
@@ -9,7 +9,6 @@ const uploadfsOptions = {
 storage: 's3',
 bucket: getEnv('APOS_S3_BUCKET'),
 region: getEnv('APOS_S3_REGION'),
- acl: 'private',
 cdn: {
 enabled: true,
 url: getEnv('APOS_CDN_URL'),
@@ -33,6 +32,11 @@ if (aposS3Secret) {
 uploadfsOptions.key = getEnv('APOS_S3_KEY');
 }
+const aposS3BucketObjectsAcl =
+ process.env.APOS_S3_ACL || 'private';
+uploadfsOptions.bucketObjectsACL = aposS3BucketObjectsAcl;
+uploadfsOptions.disabledBucketObjectsACL = aposS3BucketObjectsAcl;
+
 const res = {
 options: {
 uploadfs: uploadfsOptions,
From 8a81f8200da6d110fe19754635ae480f96597260 Mon Sep 17 00:00:00 2001
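Review bot: In the second hunk of PATCH 2/4, `disabledBucketObjectsACL` is assigned the same value as `bucketObjectsACL`, so whenever `APOS_S3_ACL` is set to a public canned ACL such as `public-read`, objects that uploadfs disables would keep that public ACL instead of being locked down. The disabled ACL is the one applied to files taken out of service, so it should stay restrictive whatever the environment says: `uploadfsOptions.disabledBucketObjectsACL = 'private';`, or leave the option unset so the library default applies (uploadfs documents `private` there, worth confirming for the pinned version). The same mirrored assignment is carried into the `if (aposS3BucketObjectsAcl)` block of PATCH 4/4. The `if (aposS3Secret)` block shown as context starts outside the hunk.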
From: Ihor Masechko
Date: Thu, 26 Mar 2026 00:02:30 +0200
Subject: [PATCH 3/4] fix lint error
---
 website/modules/@apostrophecms/uploadfs/index.js | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/website/modules/@apostrophecms/uploadfs/index.js b/website/modules/@apostrophecms/uploadfs/index.js
index 95215b76..14d68499 100644
--- a/website/modules/@apostrophecms/uploadfs/index.js
+++ b/website/modules/@apostrophecms/uploadfs/index.js
@@ -32,8 +32,7 @@ if (aposS3Secret) {
 uploadfsOptions.key = getEnv('APOS_S3_KEY');
 }
-const aposS3BucketObjectsAcl =
- process.env.APOS_S3_ACL || 'private';
+const aposS3BucketObjectsAcl = process.env.APOS_S3_ACL || 'private';
 uploadfsOptions.bucketObjectsACL = aposS3BucketObjectsAcl;
 uploadfsOptions.disabledBucketObjectsACL = aposS3BucketObjectsAcl;
From 915012c371fff373b4bc5b2d1243eec14c515ea7 Mon Sep 17 00:00:00 2001
From: Ihor Masechko
Date: Thu, 26 Mar 2026 17:02:10 +0200
Subject: [PATCH 4/4] fix: avoid ACL settings by default for S3 uploads
---
 website/modules/@apostrophecms/uploadfs/index.js | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/website/modules/@apostrophecms/uploadfs/index.js b/website/modules/@apostrophecms/uploadfs/index.js
index 14d68499..40a0d696 100644
--- a/website/modules/@apostrophecms/uploadfs/index.js
+++ b/website/modules/@apostrophecms/uploadfs/index.js
@@ -32,9 +32,11 @@ if (aposS3Secret) {
 uploadfsOptions.key = getEnv('APOS_S3_KEY');
 }
-const aposS3BucketObjectsAcl = process.env.APOS_S3_ACL || 'private';
-uploadfsOptions.bucketObjectsACL = aposS3BucketObjectsAcl;
-uploadfsOptions.disabledBucketObjectsACL = aposS3BucketObjectsAcl;
+const aposS3BucketObjectsAcl = process.env.APOS_S3_ACL;
+if (aposS3BucketObjectsAcl) {
+ uploadfsOptions.bucketObjectsACL = aposS3BucketObjectsAcl;
+ uploadfsOptions.disabledBucketObjectsACL = aposS3BucketObjectsAcl;
+}
 const res = {
 options: {
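Review bot: With `APOS_S3_ACL` unset, the new `if (aposS3BucketObjectsAcl)` guard in PATCH 4/4 leaves both ACL options undefined, so the effective object ACL becomes whatever the pinned uploadfs version does on its own, and nothing in the hunk records what that is. The commit title says ACL settings are avoided, but if uploadfs falls back to a default (its documented `bucketObjectsACL` default has been `public-read`, to be confirmed for this version), uploads would either go out with a public ACL or be rejected by a bucket that has ACLs disabled. A comment above the guard should state the intended posture, for example `// APOS_S3_ACL unset: no ACL is configured here; object access relies on the bucket policy and CDN (verify uploadfs default)`. The value is also passed through unchecked, so a mistyped ACL name reaches S3 as-is; checking it against the canned ACLs this deployment allows and failing at startup would surface that early.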