Skip to content

frappe appends fid to certain urls when they are private causing key query to fail #135

Description

@rparsimony

In certain configurations, the private files that uploaded to S3 get an "fid" appended to the url, 'causing them to fail the query for a key match. This is happening a lot in comments/notes when some one uploads a file/image and drops it into the comments or notes. The url looks like: https://<site_url>.com/api/method/retrieve?key=<bucket_name>///.jpg?fid= which gives a 404 not found error and leaves broken image artifacts.

You guys might have a better fix but this seems to address the issue.

@frappe.whitelist(allow_guest=True)
def retrieve(key: str) -> None:
if key:
# Clean the key if Frappe's core engine appended a ?fid token directly to it
if "?fid=" in key:
key = key.split("?fid=")[0]

            client = get_cloud_storage_client()
            signed_url = client.get_presigned_url(key)
            frappe.local.response["type"] = "redirect"
            frappe.local.response["location"] = signed_url
            return  # Ensure we exit so it doesn't overwrite with "Key not found"

    frappe.local.response["body"] = "Key not found"
  • Cheers

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions