Django amazon s3 可疑操作

【问题标题】:Django amazon s3 SuspiciousOperationDjango amazon s3 可疑操作
【发布时间】:2014-10-16 20:42:30
【问题描述】:

因此,当我尝试从浏览器访问 S3 上的某个图像时,一切正常。但是当 python 这样做时,我得到一个SuspiciousOperation 错误。 我的静态文件夹在 S3 上是公开的,所以我真的不知道这是从哪里来的。

Publication.objects.get(id=4039).cover.url
Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File "/home/vagrant/.pyenv/versions/blook/lib/python2.7/site-packages/django/db/models/fields/files.py", line 64, in _get_url
    return self.storage.url(self.name)
  File "/home/vagrant/.pyenv/versions/blook/lib/python2.7/site-packages/queued_storage/backends.py", line 291, in url
    return self.get_storage(name).url(name)
  File "/home/vagrant/.pyenv/versions/blook/lib/python2.7/site-packages/queued_storage/backends.py", line 115, in get_storage
    elif cache_result is None and self.remote.exists(name):
  File "/home/vagrant/.pyenv/versions/blook/lib/python2.7/site-packages/storages/backends/s3boto.py", line 410, in exists
    name = self._normalize_name(self._clean_name(name))
  File "/home/vagrant/.pyenv/versions/blook/lib/python2.7/site-packages/storages/backends/s3boto.py", line 341, in _normalize_name
    name)
SuspiciousOperation: Attempted access to 'http:/s3-eu-west-1.amazonaws.com/xpto/static/images/default-image.png' denied.

我的设置:

AWS_S3_SECURE_URLS = True  # use http instead of https
S3_URL = 'http://s3-eu-west-1.amazonaws.com/%s' % AWS_STORAGE_BUCKET_NAME
MEDIA_ROOT = 'media/'
STATIC_ROOT = '/static/'
STATIC_URL = S3_URL + STATIC_ROOT
MEDIA_URL = S3_URL + '/' + MEDIA_ROOT

现在我可以解决它,但这不是一个长期的解决方案。有什么想法吗?

【问题讨论】:

    标签: django amazon-web-services amazon-s3 boto django-storage


    【解决方案1】:

    Danigosa 在这个帖子中的回答是: django-storages and amazon s3 - suspiciousoperation

    创建一个如本文所述的特殊存储类: Using Amazon S3 to store your Django sites static and media files.

    然后像这样覆盖_normalize_name

    from django.conf import settings
from storages.backends.s3boto3 import S3Boto3Storage


class StaticStorage(S3Boto3Storage):

    location = settings.STATICFILES_LOCATION

    def _clean_name(self, name):
        return name

    def _normalize_name(self, name):
        if not name.endswith('/'):
            name += "/"

        name += self.location
        return name


class MediaStorage(S3Boto3Storage):

    location = settings.MEDIAFILES_LOCATION

    def _clean_name(self, name):
        return name

    def _normalize_name(self, name):
        if not name.endswith('/'):
            name += "/"

        name += self.location
        return name

    最后——(至少在 Python 3 上)不要使用 

    {% load static from staticfiles %}

    在您的模板中。

    坚持:

    {% load static %}

    【讨论】:

    • 我认为应该是name = self.location + name 而不是name += self.location
    猜你喜欢
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2018-02-22
    • 1970-01-01
    • 2013-09-09
    • 2017-12-04
    • 1970-01-01
    • 1970-01-01
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode