Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Expiration time in URL attachments #10028

Open
NilHomedes opened this issue Nov 3, 2022 · 2 comments · May be fixed by #12683
Open

Expiration time in URL attachments #10028

NilHomedes opened this issue Nov 3, 2022 · 2 comments · May be fixed by #12683
Labels
type: bug Issues that describe a bug

Comments

@NilHomedes
Copy link
Member

Describe the bug
When you copy the URL of an attachment and share it with other people, the link is broken because the token generated expires.

To Reproduce
Steps to reproduce the behavior:

  1. Upload a PDF file in a participatory space or component
  2. From the frontend, click on the attachment to open the file in the browser
  3. Copy the URL from your address bar and share it with someone
  4. Wait 10 minutes
  5. Try to access again to the same URL
  6. See the error

For instance, try this link of an attachment from MetaDecidim:
https://ajbcn-meta-decidim.s3.eu-west-1.amazonaws.com/3wxq9s5urbsikbj3g8hicagl90wb?response-content-disposition=inline%3B%20filename%3D%22Programa_DecidimFEST22_300ppp.pdf%22%3B%20filename*%3DUTF-8%27%27Programa_DecidimFEST22_300ppp.pdf&response-content-type=application%2Fpdf&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIARXFVQ5FRJEUZE7HY%2F20221103%2Feu-west-1%2Fs3%2Faws4_request&X-Amz-Date=20221103T090332Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=727e4598b330b4138dd89be7a1639a89fce7683397e1a9c6cdea47008a9cc797

Or this link from TryDecidim:
https://try.decidim.org/rails/active_storage/disk/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdDRG9JYTJWNVNTSWhibTlvYjNBeGJuSTNibm93YW10amJIaG9PWFJzWm1ZMk5XTnJZd1k2QmtWVU9oQmthWE53YjNOcGRHbHZia2tpVVdsdWJHbHVaVHNnWm1sc1pXNWhiV1U5SWtWNFlXMXdiR1ZrYjJOMWJXVnVkQzV3WkdZaU95Qm1hV3hsYm1GdFpTbzlWVlJHTFRnbkowVjRZVzF3YkdWa2IyTjFiV1Z1ZEM1d1pHWUdPd1pVT2hGamIyNTBaVzUwWDNSNWNHVkpJaFJoY0hCc2FXTmhkR2x2Ymk5d1pHWUdPd1pVIiwiZXhwIjoiMjAyMi0xMS0wM1QwOToyMDozNS45ODRaIiwicHVyIjoiYmxvYl9rZXkifX0=--becb950ef99a28a7f748f06a762ae231118408b8/Exampledocument.pdf?content_type=application%2Fpdf&disposition=inline%3B+filename%3D%22Exampledocument.pdf%22%3B+filename%2A%3DUTF-8%27%27Exampledocument.pdf

Expected behavior
I expect to have a permanent URL without any expiration time.

Screenshots
Captura de pantalla de 2022-11-03 16-33-02

Stacktrace
<Error> <Code>AccessDenied</Code> <Message>Request has expired</Message> <X-Amz-Expires>300</X-Amz-Expires> <Expires>2022-11-03T09:08:32Z</Expires> <ServerTime>2022-11-03T15:29:54Z</ServerTime> <RequestId>BSRQRVRABRNH1YMY</RequestId> <HostId>oTK/txk/mpRii/KCeVaoxpixonf4e4MkblZpU9H7jKfhUzbC2Uq56jAlBefFIHhbSVOKpLkMRXw=</HostId> </Error>

Extra data (please complete the following information):

  • Device: [e.g. Desktop]
  • Device OS: Ubuntu 22.04
  • Browser: Firefox and Chromium
  • Decidim Version: 0.27 and 0.26.3
  • Decidim installation: Metadecidim and TryDecidim
@NilHomedes NilHomedes added the type: bug Issues that describe a bug label Nov 3, 2022
@alecslupu
Copy link
Contributor

I have the same problem, i would look into something like:

I have not tried it on my end, yet, so I cannot specify what is the behavior.

# application.rb
config.active_storage.service_urls_expire_in = 10.years # default is 5.minutes

@alecslupu alecslupu mentioned this issue Feb 15, 2023
Open
@andreslucena andreslucena mentioned this issue Apr 10, 2024
Open
@ahukkanen ahukkanen linked a pull request Apr 10, 2024 that will close this issue
Draft
@ahukkanen
Copy link
Contributor

Some services such as Amazon S3 and Google Cloud files limit the signed URL expiration time to maximum of 7.days. So setting it to 10 years would not fix the problem.

This issue should be fixed by #12683 but it has to be used together with a sensible caching strategy, i.e. in this case expiring the cache once a week by minimum (when using S3). This is because the cache expiration times are not currently controlled in Decidim e.g. for content blocks which means they will stay in the cache as long as there is space left (and the caching system in use does not expire it by itself).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: bug Issues that describe a bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix editor image routing mainio/decidim
3 participants
@alecslupu @ahukkanen @NilHomedes