Secure Uploads

6 posts were split to a new topic: How the media in the posts look like when secure uploads are enabled?

2 posts were split to a new topic: Do all uploads in Discourse go to the ‘original’ folder when using a CDN?

Quick question. This excerpt from the original post has me hesitant to enable this on a new server that I will be setting up:

Is this message still relevant in 2024? Is the feature considered stable? What types of issues could occur from enabling this feature?

I have no concerns with managing my AWS policies/infrastructure for this feature. My main concerns is whether the feature is buggy and could cause issues despite having properly configured AWS infra.

anyone? is this feature considered stable?

Hey AJ, the feature is relatively stable, but there are certain limitations to be aware of, so we generally recommend it only to sites that require it and require login to access all content.

On login required sites, one further limitation to be aware of is that chat does not yet support the feature. So when secure uploads are enabled, if chat is also used, then chat will be configured to disallow all uploads by default. That can only be overridden with a hidden site setting.

There are a few rough edges on private sites when moving or copying content between areas with different access. For example, copying the markdown from a PM to a topic will result in a missing image in the topic.

These sorts of issues are why we generally don’t recommend it at this time for public sites.

Similarly, toggling the setting on and off can lead to issues. The feature works best when enabled initially. There are some procedures for enabling it on existing sites that are not fully automated.

We do plan to improve that long term but aren’t actively working on improvements to the feature at this time.

Hope that helps.