[Django]-Django S3 uploaded file urls show credentials

9👍

To remove the authentication credentials in the query string, set AWS_QUERYSTRING_AUTH = False in your settings.py. From django-storages documentation at https://django-storages.readthedocs.io/en/latest/backends/amazon-S3.html:

AWS_QUERYSTRING_AUTH (optional; default is True)

Set AWS_QUERYSTRING_AUTH to False to remove query parameter authentication from generated URLs. This can be useful if your S3 buckets are public.

0👍

What you see in X-Amz-Credential is your access key ID. In the Amazon context it is not considered sensitive information, so it can be stored in plain text.

👤Vor

0👍

If you set AWS_S3_CUSTOM_DOMAIN in settings.py,
django-storages will return a custom-domain URL without the query string.

You can refer to the piece of code below from the class S3BotoStorage:

from django.utils.encoding import filepath_to_uri  # used when building the custom-domain URL

def url(self, name, headers=None, response_headers=None, expire=None):
    # Preserve the trailing slash after normalizing the path.
    name = self._normalize_name(self._clean_name(name))
    # A custom domain short-circuits everything below: the URL is built
    # directly and never carries query-string authentication.
    if self.custom_domain:
        return "%s//%s/%s" % (self.url_protocol,
                              self.custom_domain, filepath_to_uri(name))

    if expire is None:
        expire = self.querystring_expire

    # Otherwise boto generates the URL; query_auth (AWS_QUERYSTRING_AUTH)
    # decides whether the signature and credential parameters are appended.
    return self.connection.generate_url(
        expire,
        method='GET',
        bucket=self.bucket.name,
        key=self._encode_name(name),
        headers=headers,
        query_auth=self.querystring_auth,
        force_http=not self.secure_urls,
        response_headers=response_headers,
    )
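As an added example (not from the answers above and not django-storages code), the following helper audits URLs a site hands out: it extracts the access key ID that a presigned URL reveals, mirrors the decision order of `S3BotoStorage.url()` (custom domain first, then `AWS_QUERYSTRING_AUTH`) to say what kind of URL the settings should produce, and flags URLs that still carry credential parameters when they should not. The bucket, domain, key ID and signature values are constructed placeholders.

```python
"""Audit django-storages S3 URLs for embedded query-string credentials."""
from urllib.parse import parse_qs, urlsplit

# Query parameters that mark a presigned S3 URL (SigV4 and legacy SigV2).
SIGV4_PARAMS = {"X-Amz-Algorithm", "X-Amz-Credential", "X-Amz-Expires", "X-Amz-Signature"}
SIGV2_PARAMS = {"AWSAccessKeyId", "Signature", "Expires"}

# Constructed sample URLs; the key ID and signature are placeholders, not real values.
PRESIGNED_URL = (
    "https://example-bucket.s3.amazonaws.com/media/report.pdf"
    "?X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=AKIAEXAMPLEKEY%2F20240101%2Fus-east-1%2Fs3%2Faws4_request"
    "&X-Amz-Date=20240101T000000Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host"
    "&X-Amz-Signature=0000"
)
PLAIN_URL = "https://example-bucket.s3.amazonaws.com/media/report.pdf"
CUSTOM_DOMAIN_URL = "https://cdn.example.com/media/report.pdf"


def presign_fields(url):
    """Return the authentication-related query fields of url ({} for a plain object URL)."""
    query = parse_qs(urlsplit(url).query)
    return {k: v[0] for k, v in query.items() if k in SIGV4_PARAMS | SIGV2_PARAMS}


def access_key_id(url):
    """Access key ID a presigned URL reveals, or None if the URL is not presigned.

    SigV4 packs it as '<key id>/<date>/<region>/s3/aws4_request' in X-Amz-Credential;
    SigV2 puts it directly in AWSAccessKeyId.
    """
    fields = presign_fields(url)
    if "X-Amz-Credential" in fields:
        return fields["X-Amz-Credential"].split("/", 1)[0]
    return fields.get("AWSAccessKeyId")


def expected_url_kind(settings):
    """Mirror S3BotoStorage.url(): a custom domain wins, then AWS_QUERYSTRING_AUTH
    (default True per the django-storages docs) chooses presigned vs plain URLs."""
    if settings.get("AWS_S3_CUSTOM_DOMAIN"):
        return "custom-domain"
    return "presigned" if settings.get("AWS_QUERYSTRING_AUTH", True) else "plain"


def audit(settings, urls):
    """URLs that still carry credential parameters although the settings rule them out."""
    if expected_url_kind(settings) == "presigned":
        return []
    return [u for u in urls if presign_fields(u)]
```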
