What’s the suggested method to use secure images on Discourse in a self-hosted instance?
I’m using Discourse Encrypt and I managing the CSP directives by my own.
Thanks! But I’m not using S3 and I’m asking about the CSP policies that seems to be totally different to the topic linked.
If your desire is for images not to be available to anyone with the image url, then you have to use aws S3 as described in that topic.
As it is image urls are fairly hard to guess, so they are pretty secure.
I don’t believe that Discourse encrypt makes uploads secure.
It can encrypt uploads in PMs.
3 Likes
Well, shows what I know! What does it do, embed them in the text in the message? I’ve been meaning to check it out.
So what’s the answer to the OP?
Maybe I didn’t detail in a proper way my question. I have an issue setting up Encrypt Personal Messages because img-src plus default-src CSP directives (disabled from Discourse management for enable this plugin).
I suspect there is something to configure enabled in Discourse as default without PMs encryption that I need to set.