I hate vague questions. What were you thinking when you asked for “this”?
Here are my current settings:
Discourse Setup:
- Standard single container install
- Setup as a subdomain: forums.domain.tld
- Standard S3 setup for uploads
- Uploads are saved on the S3
S3 Setup:
- Digital Ocean S3 Bucket
- Bucket turned on for external access
- No other security layers or permissions
CDN Setup:
- bunny CDN
- Allowed referrers setup: domain.tld and *.domain.tld
- The switch that killed Avatar access was to “Block Direct URL File Access”.
When turned on, all avatars received a 403 error. When turned off, avatars populate.
Non-Avatar Images:
- URL in Discourse:
https://cdn.domain.tld/optimized/3X/3/1/filename_#_size.jpeg
Avatar Images:
- URL in Discourse:
https://forums.domain.tld/user_avatar/forums.domain.tld/mazzini/48/776_2.png
A previous post, How are avatars stored and accessed?, indicates Discourse uses a proxy for avatars. Hence, the URL structure for avatars is not a standard image URL structure.
Within my system, avatars are either available from the S3 or the CDN. This indicates that some where/some how the avatar URL is converted to a CDN URL.
When this happens, the CDN considers the URL a direct access link and blocks access with a 403.
Hopefully, I answered the “this” question?