AWS S3 documentation is incorrect and exposes inexperienced users by introducing security risk #3565

Closed
SleeplessByte opened this issue Mar 13, 2022 · 1 comment · Fixed by #3571
@SleeplessByte

b03613d
b03613d#commitcomment-68591568

This documentation change is incorrect. There is no second layer of security, and turning off the "block" will make "it work" because you're literally saying to remove access control. This has been in the docs for three years, and apparently people are following this advice, but it's not necessary (and incorrect).

Further git blame shows that the author had not set up CORS correctly in the first place: de9effd, which is likely what led to the 403s.
For future reference, please don't write instructions that are unverified, based on a hunch, as if they're facts.

I recommend reverting this commit (but keeping the second one, because that one is correct), and perhaps adding some sort of guideline to CONTRIBUTING.md. Claims like this should at least be covered by a platform (AWS) doc or forum post.

@mifi
Contributor

mifi commented Mar 15, 2022

Thanks for reporting this! I have tested s3 without public access and it still works. So you are absolutely right. This documentation change was a mistake. I will create a PR with the suggested improvements.

mifi added a commit that referenced this issue Mar 15, 2022
mifi added a commit that referenced this issue Mar 15, 2022