
Serving jet staticfiles with Django storages adding "amp;" to query string params resulting in 403 unauthorized access

Open Jihad opened this issue 1 year ago • 5 comments

Not sure if this is related to jet, but would love it if anyone knows why?

Some staticfiles links have wrong params; what I noticed is that they are only related to the "django-jet" package.

Normal Django staticfiles URL:

https://daal.nyc3.digitaloceanspaces.com/static/css/admin.css?AWSAccessKeyId=****&Signature=***&Expires=1694226003

Django JET staticfiles URL:

https://daal.nyc3.digitaloceanspaces.com/static/jet/css/icons/style.css?AWSAccessKeyId=*****&Signature=*****&Expires=1694226003&v=1.3.3

This is causing request headers to have invalid names: the Signature param is now "amp;Signature:", causing the issues.

Not sure what is causing this? I couldn't find out why.

Jihad avatar Sep 09 '23 01:09 Jihad

any progress on this issue?

foundyengineer avatar Nov 14 '23 10:11 foundyengineer

any progress on this issue?

Nope, I just made the few files public and avoided my problem the easy way like a champ :-)

Jihad avatar Dec 09 '23 16:12 Jihad

This seems related to jet_append_version, jet trying to add a version to every static file URL. This commit: https://github.com/assem-ch/django-jet-reboot/commit/6f4d23f05eba8b48279502ae84bcb25df09aa341#diff-a8d0fb07c3ab9dd6f9081cfbfb42a61ac878f1dbaa26fa2d65532bd867c3ffaf

assem-ch avatar Dec 09 '23 20:12 assem-ch

@foundyengineer can you make static files public? I don't think they need to be signed URLs.

assem-ch avatar Dec 09 '23 20:12 assem-ch

I was able to fix this by adding the following to my AWS/S3 config: AWS_QUERYSTRING_AUTH = False

Hopefully this will help others as well!

derkweijers avatar Mar 19 '24 21:03 derkweijers
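
The symptom reported in this thread (a parameter named "amp;Signature" on a query-string-signed URL once a `v=` version is appended) can be reproduced and checked for as below. This is an added example, not code from the thread or from django-jet-reboot: `naive_append_version` is a hypothetical helper that assumes the URL was HTML-escaped before the version was appended, and the host and credential values are constructed placeholders.

```python
import html
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample: a query-string-signed storage URL with placeholder values.
SIGNED = ("https://bucket.example.com/static/jet/css/icons/style.css"
          "?AWSAccessKeyId=AKIDEXAMPLE&Signature=c2lnbmF0dXJl&Expires=1694226003")


def param_names(url):
    """Return the query parameter names a server would parse from this URL."""
    return [k for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)]


def naive_append_version(url, version):
    """Hypothetical buggy helper: HTML-escapes first, then keeps treating the
    escaped text as a URL and concatenates the version onto it."""
    escaped = html.escape(url)  # every '&' becomes '&amp;'
    return escaped + ("&" if "?" in escaped else "?") + "v=" + version


def safe_append_version(url, version):
    """Append v=<version> by editing the parsed query of the raw URL.
    HTML-escaping belongs at template render time, after URL manipulation."""
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    query.append(("v", version))
    return urlunsplit(parts._replace(query=urlencode(query)))


def has_escaped_params(url):
    """Check for entity residue: True if any parameter name starts with 'amp;'."""
    return any(name.startswith("amp;") for name in param_names(url))


if __name__ == "__main__":
    for label, fn in (("naive", naive_append_version), ("safe", safe_append_version)):
        out = fn(SIGNED, "1.3.3")
        print(label, param_names(out), "corrupted:", has_escaped_params(out))
```

With `AWS_QUERYSTRING_AUTH = False`, as in the last comment, the storage URL carries no signing parameters, so there is nothing for the escaping to corrupt.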