Using django-storages and the s3boto backend: x-amz-security-token is appended which I do not want

Question

I'm serving static content from s3 with django-storages. This works fine when using boto 2.5.X. But when I use boto >= 2.6 the url to s3 media get mangled; an extra variable is appended. The difference is that the x-amz-security-token gets appended (which I do not want). The media is not accessible at the url.

In my settings.py I use

AWS_QUERYSTRING_AUTH = False

The bad url:

https://mybucket.s3.amazonaws.com/static/style/css/layout.min.css?x-amz-security-token=AQoDYXdzEKj/76aRNkwEaoALUm866M8Z6Kc4aF/76aRNkjDcT70xSVB58kR%2BONYLf7y1z1pgqUX7fPRXVQjP9DYOZzcVdHCV27zybD/iPYT2C6rCEnvkQvhcq....

Any suggestions?

Answer 1

I have a better work around based on django-storages (version 1.1.8) which is

 AWS_S3_CUSTOM_DOMAIN = 'mybucket.s3.amazonaws.com'

This avoids django-storage calling boto's generate_url and just stitchs together the path to the resource. If you want to use auth to get you static files this won't work.

For the curious:

Static files on some parts of my site worked and other parts, like the admin, didn't work. That was connected to the difference between

{% load static %}

and

{% load staticfiles %}

Both define a block tag {% static %}, but they do different things. The one from static just prepends {{ STATIC_URL }}, the one from staticfiles using the storage's url method to get the url for the file. The django admin's {% static %} block from admin_static acts like the staticfiles one, using the storage.

By changing to using {% load staticfiles %} my site was equally broken everywhere when AWS_QUERYSTRING_AUTH = False and/or AWS_S3_SECURE_URLS = False. That pointed to the problem being basically in boto generate_url, that when querystring_auth is False, the x-amz-security-token still got set.