Amazon access key showing URL for Carrierwave and Fog
I just switched from storing my images uploaded via Carrierwave locally to using Amazon s3 via hazy stone in my Rails 3.1 app. While the images are being added, when I click on the image in my app, the url provides my passkey and signature. Here's an example URL (XXX replaced the string with information):
https://s3.amazonaws.com/bucketname/uploads/photo/image/2/IMG_4842.jpg?AWSAccessKeyId=XXX&Signature=XXX%3D&Expires=1332093418
This happens in development (localhost: 3000) and when I use heroku for production. Here is my bootloader:
class ImageUploader < CarrierWave::Uploader::Base
include CarrierWave::RMagick
storage :fog
def store_dir
"uploads/#{model.class.to_s.underscore}/#{mounted_as}/#{model.id}"
end
process :convert => :jpg
process :resize_to_limit => [640, 640]
version :thumb do
process :convert => :jpg
process :resize_to_fill => [280, 205]
end
version :avatar do
process :convert => :jpg
process :resize_to_fill => [120, 120]
end
end
And my config / initializers / fog.rb:
CarrierWave.configure do |config|
config.fog_credentials = {
:provider => 'AWS',
:aws_access_key_id => 'XXX',
:aws_secret_access_key => 'XXX',
}
config.fog_directory = 'bucketname'
config.fog_public = false
end
Does anyone know how to make sure this information is not available?
UPDATE: adding controller view and code: from partial to users / show.html.erb:
<% if @user.photos.any? %>
<% for photo in @user.photos %>
<li class="span4 hidey">
<div class="thumb_box">
<%=link_to(image_tag(photo.image_url(:thumb).to_s), photo.image_url.to_s,
:class=>"lb_test") %>
...
</div>
</li>
<% end %>
<% end %>
users_controller.rb:
def show
@user = User.find(params[:id])
end
UPDATE: Adding the error page I get when removing the access key information from the url:
This XML file does not appear to have any style information associated with it. The document tree is shown below.
<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>47077D6EC13AD1D8</RequestId>
<HostId>+HTeODcWTqv3gbRIAwf+lI6sPzfNTegDXjT9SnMdqrYr7gLD1TD0qN+OgMLwA1JO
</HostId>
</Error>
+3
source to share