Have a giant warning for signed urls not to be used for file types which can include relative paths

[brendanheywood]

ie html, css, maybe js, anything which contains a relative url which is no fully qualified will break when signed and loading the dependancies

[dmitriim]

Should we just exclude those file types and not rely on users?

[brendanheywood]

For the list of known filetypes yes, but there could be a long tail of weird unknown ones.

[vrioux]

Also, even if we exclude those files, the issue remains if those files then point to whitelisted filetypes that have been deleted from local storage but kept on object fs.