I have a question re using a CDN with secure uploads. In Secure Uploads - #118 by Falco it sounds like the CDN isn’t used for uploads but can be used for assets.
At the moment my CDN has GetObject access for my entire bucket. If I want uploads to be secure I need to change the BucketPolicy so that it is scoped just to assets. Can I do this via path? There are currently 3 directories in my uploads folder - assets, optimized and original. I’ve noticed that with secure uploads enabled discourse is fetching stuff from assets and optimized from the CDN.
So I could limit my bucket policy to only allow access to the CDN to /original but wanted to confirm - do all uploads end up in ‘original’ or are they sometimes in ‘optimized’?