After uploading a file to S3 and saving its data to my model, I get to call image_url in image tags and such. However…something about having all that credential information as part of a URL that I want to be a publicly readable file strikes me as sort of…odd? If my understanding is correct, and it’s used for signing uploads, is there any reason why all this remains in the URL? Would this hurt me in any way?
I go to my console and type model.image_url (or just copy the image URL in the browser) and get this:
Is it ok that X-Amz-Algorithm, X-Amz-Credential, X-Amz-Date, X-Amz-Expires, X-Amz-SignedHeaders, and X-Amz-Signature are public like this?
X-Amz-Credential is just my access key and date and such, so it doesn’t seem harmful, but what about X-Amz-Signature?
And X-Amz-Expires…what expires here? According to this a value of 900 is equal to 15 minutes, however I’ve been able to view this image hours later. Why would I want this?
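An added example, not part of the original post: a small Python helper that splits a SigV4 presigned URL into the query parameters listed above and computes the window in which that particular URL is valid (X-Amz-Date plus X-Amz-Expires seconds). The URL, bucket, access key ID and signature are constructed sample values, and `describe_presigned_url` is a hypothetical helper name.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# Constructed sample URL: bucket, object key, access key ID and signature are made up.
SAMPLE_URL = (
    "https://example-bucket.s3.amazonaws.com/uploads/photo.jpg"
    "?X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=AKIAEXAMPLEKEYID0000%2F20240102%2Fus-east-1%2Fs3%2Faws4_request"
    "&X-Amz-Date=20240102T030405Z"
    "&X-Amz-Expires=900"
    "&X-Amz-SignedHeaders=host"
    "&X-Amz-Signature=" + "ab" * 32
)

REQUIRED = ("X-Amz-Algorithm", "X-Amz-Credential", "X-Amz-Date",
            "X-Amz-Expires", "X-Amz-SignedHeaders", "X-Amz-Signature")

def describe_presigned_url(url, now=None):
    """Split a SigV4 presigned URL into its parts and compute its validity window."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    missing = [p for p in REQUIRED if p not in params]
    if missing:
        raise ValueError(f"not a SigV4 presigned URL, missing: {missing}")
    # Credential scope: <access key ID>/<YYYYMMDD>/<region>/<service>/aws4_request
    scope = params["X-Amz-Credential"].split("/")
    if len(scope) != 5 or scope[4] != "aws4_request":
        raise ValueError("unexpected X-Amz-Credential format")
    signed_at = datetime.strptime(params["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(
        tzinfo=timezone.utc)
    expires_at = signed_at + timedelta(seconds=int(params["X-Amz-Expires"]))
    now = now or datetime.now(timezone.utc)
    return {
        "access_key_id": scope[0],   # identifier only; the secret key is never in the URL
        "region": scope[2],
        "service": scope[3],
        "signed_headers": params["X-Amz-SignedHeaders"].split(";"),
        # X-Amz-Signature is hex HMAC-SHA256 output computed with a key derived from the secret key
        "signature_hex_len": len(params["X-Amz-Signature"]),
        "signed_at": signed_at,
        "expires_at": expires_at,
        "expired": now >= expires_at,
    }

if __name__ == "__main__":
    for field, value in describe_presigned_url(SAMPLE_URL).items():
        print(f"{field}: {value}")
```

Running it against the exact URL string copied from the console or browser shows when that one URL was signed and when it stops being valid.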