Same problem here. We have js files that run in our own software, nothing that would ever do anything in a browser.
We managed to fix the discourse download problem by moving all uploads to an S3 bucket and setting s3_use_cdn_url_for_all_uploads to true. This essentially bypasses the short-url controller which appears to be the show stopper for js files.
In detail (from my AI which walked me through this):
- Set up S3-Compatible Storage (e.g., Cloudflare R2)
Discourse cannot safely serve .js files from the local disk. Move them to a bucket.
-
Bucket: Create a private bucket (e.g.,
my-discourse-bucket). -
API Keys: Generate an Access Key and Secret Key.
2. Configure a Custom CDN Domain
In Cloudflare (or your provider), connect a custom domain to your bucket (e.g., cdn.example.com). This ensures files are served as static assets via a direct URL, bypassing the Discourse “security guard.”
3. Update Discourse Settings
In Admin → Settings, configure your S3 details. Crucially, enable the following to ensure Discourse doesn’t try to “sign” the URLs with temporary headers that can break:
-
s3_use_cdn_url_for_all_uploads: Check this box (This is the most important step). -
s3_cdn_url: Set tohttps://cdn.example.com. -
s3_region: Useus-east-1(for R2 compatibility).
4. Migrate Existing Uploads (optional)
Note: This did NOT work for us for unknown reasons.
To fix old links in existing posts, enter your container and run:
Bash
# Inside /var/discourse
./launcher enter app
rake uploads:migrate_to_s3
rake posts:rebake
Hope this helps someone.