remove incorrect s3 documentation (#3571)

closes #3565

.github/CONTRIBUTING.md

@@ -326,6 +326,8 @@ category: "Other Integrations"
 
 This data is used to generate Uppy’s website. Refer to [the section about running the website locally](#website-previews) if you’d like to see how the docs look on the website.
 
+Any change of the documentation that involves a security best practice must substantiated with an external reference. See [#3565](https://github.com/transloadit/uppy/issues/3565).
+
 ### Adding an example
 
 You can likely use whatever code generation tool for your framework (ex. `create-react-app`) to create this example. Make sure you add the same version of `@uppy/core` to this as your peer dependency required, or you may run into strange issues. Try to include all the components are some of their functionality. [The React example](https://github.com/transloadit/uppy/blob/main/examples/react-example/App.js) is a great... well example of how to do this well.

website/src/docs/aws-s3-multipart.md

@@ -167,9 +167,9 @@ The default implementation calls out to Companion’s S3 signing endpoints.
 
 ## S3 Bucket Configuration
 
-S3 buckets do not allow public uploads by default. To allow Uppy to upload to a bucket directly, its CORS permissions need to be configured. This process is described in the [AwsS3 documentation](/docs/aws-s3/#S3-Bucket-configuration).
+This process is the same as the one described in the [AWS S3 plugin’s documentation](/docs/aws-s3/#S3-Bucket-configuration), except for a few differences.
 
-While the Uppy AWS S3 plugin uses `POST` requests when uploading files to an S3 bucket, the AWS S3 Multipart plugin uses `PUT` requests when uploading file parts. Additionally, the `ETag` header must also be exposed (in the response):
+While the AWS S3 plugin uses `POST` requests when uploading files to an S3 bucket, the AWS S3 Multipart plugin uses `PUT` requests when uploading file parts. Additionally, the `ETag` header must also be exposed (in the response). So the CORS policy needs to look like this:
 
 ```json
 [

website/src/docs/aws-s3.md

@@ -128,8 +128,7 @@ module.exports = {
 
 ## S3 Bucket configuration
 
-S3 buckets do not allow public uploads by default.
-To allow Uppy to upload directly to a bucket, at least its CORS permissions need to be configured, and you potentially need to change some of the _Public access settings_ that provide an extra layer of public access protection even if the correct CORS permissions are in place.
+S3 buckets do not allow public uploads for security reasons. To allow Uppy and the browser to upload directly to a bucket, its CORS permissions need to be configured.
 
 CORS permissions can be found in the [S3 Management Console](https://console.aws.amazon.com/s3/home).
 Click the bucket that will receive the uploads, then go into the `Permissions` tab and select the `CORS configuration` button.
@@ -208,10 +207,6 @@ The final configuration should look something like this (note that it defines tw
 ]
 ```
 
-Even with these CORS rules in place, you browser might still receive HTTP status 403 responses with `AccessDenied` in the response body when it tries to `POST` to your bucket. In this case, within the `Permissions` tab of the [S3 Management Console](https://console.aws.amazon.com/s3/home), choose `Public access settings`.
-
-It will list general _Public access settings for this bucket_, which can override the rules imposed by your CORS settings. Click on _edit_ to manage these settings. Under _Manage public access control lists (ACLs) for this bucket_, make sure that _Block new public ACLs and uploading public objects (Recommended)_ is unchecked, and _Save_ these settings.
-
 If you are using an IAM policy to allow access to the S3 bucket, the policy must have at least the `s3:PutObject` and `s3:PutObjectAcl` permissions scoped to the bucket in question.
 
 In-depth documentation about CORS rules is available on the [AWS documentation site](https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html).