plane icon indicating copy to clipboard operation
plane copied to clipboard

Published 20 hours ago verified publisher icon makeplane

[bug]: On hosted Plane, uploaded files go to public s3 bucket

Open alext-extracellular opened this issue 7 months ago • 4 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Current behavior

When I upload a file using the hosted Plane.so app, the file is accessible at the same url for any unauthenticated browser.

Similar to #4181, but this is for the cloud hosted version. This is not desirable behaviour at all. Many people will put sensitive design documents in their issues, I'm sure.

Steps to reproduce

  1. Log in to hosted plane.so
  2. Open an issue
  3. upload any file
  4. copy url and open in unauthenticated browser
  5. File opens

Environment

Production

Browser

Google Chrome

Variant

Cloud

Version

latest cloud

alext-extracellular avatar Jul 16 '24 14:07 alext-extracellular