Wonderful!
@mbcahyono could you please create a new topic for the plugin in plugin?
3 个赞
The Discourse Images Guardian plugin no longer works with the latest Discourse beta — you can’t set a URL for the logos any more so all images now require authentication, this results in the site logos returning 404’s for non-authenticated users, I have opened an issue for this on GitHub to see if we can find a way to solve this.
The Discourse Images Guardian has been updated by @mbcahyono so it now works with the latest Discourse beta, I have deployed it to a couple of servers running v2.3.0.beta1 
.
4 个赞
The Discourse Images Guardian plugin doesn’t currently work with the latest Discourse v2.3.0.beta5, I have had to disable it on a couple of sites. I have raised an issue for this on GitHub and hopefully @mbcahyono will have a suggestion for a fix for this soon.
2 个赞
Today we began internally trialling a new “secure media” setting, which is only usable if S3 uploads are enabled. What this will do is the following:
- For Discourse instances that have the “login required” setting enabled, all uploads are considered secure, but if the setting is not enabled, only private message uploads are considered secure.
- All securely uploaded media URLs within posts and private messages will no longer directly point to the file, but will go through an endpoint to determine access to the media first based on site settings.
- Secure media in emails are replaced by placeholder text prompting users to log in to the Discourse instance to view the media.
- If an upload has been used in a secure context previously, we do not allow posting the same upload in a public topic.
This setting is currently only available for self-hosted Discourse instances. We will provide further updates once we have completed internal trials.
14 个赞
What are the downsides of this? Does it effect performance at all?
The URL for media in posts/private messages is simply replaced with a Discourse server URL which then serves the private S3 URL for the upload.
2 个赞
Just to clarify here.
The downside is that you can not use a CDN anymore for private stuff and every image request / download has to “pipe” through the app to unlock the bucket for a user.
On small internal forums it is very unlikely you will notice anything. On a huge forums that require login, giving up the CDN and piping requests via the app may have some impact.
6 个赞
Image Guardian 插件无法与最新的 Discourse 配合使用,我已在 GitHub 上为此事开了一个 issue:
我确实尝试过使用 Secure uploads 选项,但这需要使用 S3,而有问题的论坛并非如此。因此,它仍然是必需的,希望 @mbcahyono 能够解决这个问题…… 
@chrisc 这里是假期,我下周再检查 
1 个赞
太棒了,谢谢 @mbcahyono,节日快乐!
这应该可以修复重建错误。不过我还没来得及测试实际功能。
1 个赞
太棒了 @mbcahyono 我已经安装并测试过了,一切正常 再次感谢!
1 个赞
@mbcahyono 是否有可能也保护用户上传的头像图标,使其在查看时需要 cookie?
它们的 URL 路径类似于 /user_avatar/$DOMAIN_NAME/$USER_NAME/$NUNBER/$ANOTHER_NUMBER.png。