Amazon access key showing URL for Carrierwave and Fog

I just switched from storing my images uploaded via Carrierwave locally to using Amazon s3 via hazy stone in my Rails 3.1 app. While the images are being added, when I click on the image in my app, the url provides my passkey and signature. Here's an example URL (XXX replaced the string with information):


This happens in development (localhost: 3000) and when I use heroku for production. Here is my bootloader:

class ImageUploader < CarrierWave::Uploader::Base
 include CarrierWave::RMagick
 storage :fog
  def store_dir
  process :convert => :jpg
  process :resize_to_limit => [640, 640] 
  version :thumb do
    process :convert => :jpg
    process :resize_to_fill => [280, 205]
  version :avatar do
    process :convert => :jpg
    process :resize_to_fill => [120, 120]


And my config / initializers / fog.rb:

 CarrierWave.configure do |config| 
  config.fog_credentials = { 
     :provider               => 'AWS', 
     :aws_access_key_id      => 'XXX', 
     :aws_secret_access_key  => 'XXX',
  config.fog_directory  = 'bucketname' 
  config.fog_public     = false


Does anyone know how to make sure this information is not available?

UPDATE: adding controller view and code: from partial to users / show.html.erb:

<% if %>
  <% for photo in %>
    <li class="span4 hidey">
    <div class="thumb_box">
      <%=link_to(image_tag(photo.image_url(:thumb).to_s), photo.image_url.to_s,   
                                                       :class=>"lb_test") %>
  <% end %>
<% end %>



 def show
   @user = User.find(params[:id])


UPDATE: Adding the error page I get when removing the access key information from the url:

This XML file does not appear to have any style information associated with it. The document tree is shown below.

  <Message>Access Denied</Message>



source to share

3 answers

What you see is a signed URL. Without the full url (including key, signature, expire), you will be denied access. It works as it should. And my guess is that the key is just a public key that is useless without your private key (which AWS has).




config.fog_public     = false


This is a non-default value :)



Try photo.image.url instead of photo.image_url. This is what I am using.



All Articles