Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Django storage s3 media url is https:// instead of http://

When serving media with django-storage s3, the media url that is being generated is something like this:

https://mybucket.s3.amazonaws.com/myimage.jpg?Signature=5ifoyLqzmtfVNS1ovfzVvN92RH0%3D&Expires=1363124819&AWSAccessKeyId=AKIAJ7ZTU7K4SPYKGOFA

Causing the images to not be displayed because of https:

    You attempted to reach mybucket.s3.amazonaws.com,
 but instead you actually reached a server identifying itself as *.s3.amazonaws.com.
 This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of mybucket.s3.amazonaws.com.

I need the images to be served as HTTP not HTTPS

My settings are:

DEFAULT_FILE_STORAGE = 'storages.backends.s3boto.S3BotoStorage'
AWS_ACCESS_KEY_ID = "AKIAJ....K4SPYKGOFA"
AWS_SECRET_ACCESS_KEY = "2Y7G98JoCRzAEp....rPoCjWZuwDaQ"
AWS_STORAGE_BUCKET_NAME = "mybucket"

I tried set the media_url, and s3_url to normal http, but it didn't change anything.

I'm using django 1.5

like image 275
YardenST Avatar asked Mar 12 '13 21:03

YardenST


2 Answers

You could probably solve this with a single AWS_S3_SECURE_URLS = False. However these settings are in flux as of the current version 1.1.6 so here's a bit more detail on related settings:

AWS_S3_SECURE_URLS = False
AWS_S3_URL_PROTOCOL = 'http'
AWS_STORAGE_BUCKET_NAME = 'mybucket'
AWS_S3_CUSTOM_DOMAIN = '%s.s3.amazonaws.com' % AWS_STORAGE_BUCKET_NAME

AWS_S3_URL_PROTOCOL is the new way and if set to an empty string allows protocol relative URLs. For backwards compatibility you still need AWS_S3_SECURE_URLS. And at the moment AWS_S3_CUSTOM_DOMAIN is necessary if you are using AWS_S3_URL_PROTOCOL. Here's some developer discussion on implementing protocol relative URLs with the S3Boto backend.

It's also worth noting Django-storages provides an S3 backend as well as a different S3Boto backend. Your question doesn't make the one you are using clear though your code does.

like image 128
JCotton Avatar answered Nov 04 '22 05:11

JCotton


I would try adding this property to your settings:

AWS_S3_SECURE_URLS = False

It doesn't look like it's documented after a brief glance at the django-storages docs, but this blog talks about it a bit more. http://www.eliotk.net/05/30/force-http-with-django-storages-and-s3boto/

like image 40
Eric Ressler Avatar answered Nov 04 '22 05:11

Eric Ressler