Question

How do I limit read permissions of django media files stored on digitalocean only to my frontend?

I have a django project with react.js frontend deployed to DigitalOcean where users can upload their files. I use a custom backend subclass of S3Boto3Storage from django-storages. I know I can make media files public by setting default_acl = "public-read", but I want to grant read access to these files only to the requests from my frontend, while keeping them private from all others. How can I do that?

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Hey there!

This looks like using CORs with Spaces may work to limit that access to your frontend only. You should be able to set the origin to the frontend’s URL to allow access.

Spaces CORS

Hope it helps! Nate