S3 CDN URL ignored when uploading into posts

All of our traffic goes through CloudFront, and static content is fetched by CloudFront from one of several S3 buckets.

With uploads being sent to S3, Discourse embeds the content with a generic bucket URL despite our having s3 cdn url set. Once submitted, posts appear to use the correct URL set in s3 cdn url, although this may also be because we have DISCOURSE_CDN_URL set as well (both are set to the same URL).

The post preview window references the standard S3 URL seen in the unbaked post, though. This is a problem because we use a private ACL on files uploaded to our Discourse uploads bucket, as content on this bucket should never be accessed outside of CloudFront. The result is a broken image in the preview window.


Disappointing this has been reported for so many years with no fix.

@DanielMarquard Did you ever figure out a workaround, or were you forced to make your s3 ACL public?

I’m not sure it’s fair to suggest this is broken, as much as the more complicated implementation isn’t fully supported.

S3 uploads as documented work and behave correctly.

@Stephen Certainly up for interpretation…

To me it seems “broken” that it uses the CDN url in one instance and not the other, and it forces an S3 configuration that AWS actually recommends against (public ACL for an s3 bucket).

I’m new to the Discourse project in general, but can certainly work on a PR.

This may be worth fixing now - AWS is getting more serious about informing people of public read ACLs.


Given our current implementation no longer has an IMG tag eg:


It should be quite easy to apply a CDN to the above and it saves traffic.

@vinothkannans can you fix this up so preview uses the CDN url

Instead of preview showing:

<img src="//assets-meta-cdck-prod-meta.s3.dualstack.us-west-1.amazonaws.com/original/3X/6/6/66ef078b3ef9da9aa1b3356cb21fe22a0d25eaf0.png" alt="image" class="resizable" width="345" height="149">

We should show the CDN URL which is this:

<img src="https://d11a6trkgmumsb.cloudfront.net/original/3X/6/6/66ef078b3ef9da9aa1b3356cb21fe22a0d25eaf0.png" alt="image" class="resizable" width="345" height="149">

Now it’s fixed as per the below commit



This topic was automatically closed after 32 hours. New replies are no longer allowed.

Continuing the discussion from S3 CDN URL ignored when uploading into posts:

It seems like this issue has regressed, I can repro here on meta.


Can we check this @vinothkannans or @falco?


As per the recent change, we’re now getting the uploaded file’s URL from the initial upload request itself. Previously, we received it from the /uploads/lookup-urls.json endpoint. This commit should fix the issue.



Looks like this fix doesn’t cover custom emoji in the preview, for example :allthethings:.


This is also missing attachments like data exports or just any file attachment. Those still come from s3.

I can fix that!