Refers to:

https://github.com/shorwood/strapi-provider-upload-do/blob/34a8bcbe2d3b4af20952a23fc14d955d6be917ce/lib/index.js#L20C11-L20C11

If i use an absolute URL as CDN value (which is what its suppose to do) i get an incomplete URL returned from this method becauser URI.parseHost() should be URI.parse() - only then the method returns a valid URL

(node:3496095) NOTE: We are formalizing our plans to enter AWS SDK for JavaScript (v2) into maintenance mode in 2023.

Please migrate your code to use AWS SDK for JavaScript (v3).
For more information, check the migration guide at https://a.co/7PzMCcy
(Use `node --trace-warnings ...` to show where the warning was created)

Thank you for helping us get a very good package.
I get that message on my terminal when running my strapi v3.6 app. Along with that is the function of uploading images that can no longer work as before.
Hopefully we can find the problem and fix it soon.

I'm assuming the inability to post images and the above message (of AWS) are related.

Once again thank you very much team.

Hello :)

I discovered this provider today and I was wondering why it was created.

Since Digital Ocean is AWS S3 compatible, the official provider @strapi/provider-upload-aws-s3 can be used to connect to DO see: https://github.com/strapi/strapi/tree/main/packages/providers/upload-aws-s3#configuration-for-s3-compatible-services.

I was wondering if the official provider was enough or if it was missing something this provider is providing?

Hello,
In order to make the strapi-provider-upload-do work on localhost I had to customize the strapi::security in middlewares.js. Otherwise, all the links in the preview would be broken.

I used this config:

  {
    name: 'strapi::security',
    config: {
      contentSecurityPolicy: {
        useDefaults: true,
        directives: {
          'connect-src': ["'self'", 'https:'],
          'img-src': [
            "'self'",
            'data:',
            'blob:',
            'dl.airtable.com',
            'MY-DO-SPACES-URL.digitaloceanspaces.com',
          ],
          'media-src': [
            "'self'",
            'data:',
            'blob:',
            'dl.airtable.com',
            'MY-DO-SPACES-URL.digitaloceanspaces.com',
          ],
          upgradeInsecureRequests: null,
        },
      },
    },
  },

Questions:

• Should this be added to the docs?
• Is this the correct config?
• Is this a security concern?
• Is this needed only locally or also for production? (Haven't been able to deploy yet, so I'm not sure. Will update when I do.)

Could you update this dependency?
[email protected]

Update the code to use use AWS SDK V3.

Note, this was mentioned in issue #15, but it was not the focus of the issue, so moving it into an issue that focuses on it.

As part of this work, would it be worth adding typescript support?

The buffer is never removed from the file object when uploadStream is used by strapi. This causes strapi to store the buffer in the database.

Related strapi issue: 15154

My space has files and folders in it already, but they don't show in the media library.

It may be useful to convert the project to use Typescript.

At the same time, it maybe worth waiting until after issue #20 is implemented? Based on initial attempt showing it is less straightforward than expected.

I use dependency-scan and it worked out like this.

urijs  <=1.19.10
Severity: high
Incorrect protocol extraction via \r, \n and \t characters - https://github.com/advisories/GHSA-3vjf-82ff-p4r3
URL Confusion When Scheme Not Supplied in medialize/uri.js - https://github.com/advisories/GHSA-g694-m8vq-gv9h
Hostname spoofing via backslashes in URL  - https://github.com/advisories/GHSA-89gv-h8wf-cg8r
Open Redirect in urijs - https://github.com/advisories/GHSA-8h2f-7jc4-7m3m
Leading white space bypasses protocol validation - https://github.com/advisories/GHSA-gmv4-r438-p67f
Authorization Bypass Through User-Controlled Key in urijs - https://github.com/advisories/GHSA-gcv8-gh4r-25x6

Please upgrade urijs to more than 1.19.10.