Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
strapi-provider-cloudflare-r2
Advanced tools
Readme
# using yarn
yarn add strapi-provider-cloudflare-r2
# using npm
npm install strapi-provider-cloudflare-r2 --save
# using pnpm
pnpm add strapi-provider-cloudflare-r2
provider
defines the name of the providerproviderOptions
is passed down during the construction of the provider. (ex: new AWS.S3(config)
). Complete list of optionsactionOptions
is passed directly to the parameters to each method respectively. You can find the complete list of upload/ uploadStream options and delete optionsSee the documentation about using a provider for information on installing and using a provider. To understand how environment variables are used in Strapi, please refer to the documentation about environment variables.
./config/plugins.js
or ./config/plugins.ts
for TypeScript projects:
module.exports = ({ env }) => ({
// ...
upload: {
config: {
provider: "strapi-provider-cloudflare-r2",
providerOptions: {
accessKeyId: env("CF_ACCESS_KEY_ID"),
secretAccessKey: env("CF_ACCESS_SECRET"),
/**
* `https://<ACCOUNT_ID>.r2.cloudflarestorage.com`
*/
endpoint: env("CF_ENDPOINT"),
params: {
Bucket: env("CF_BUCKET"),
},
/**
* Set this Option to store the CDN URL of your files and not the R2 endpoint URL in your DB.
* Can be used in Cloudflare R2 with Domain-Access or Public URL: https://pub-<YOUR_PULIC_BUCKET_ID>.r2.dev
* This option is required to upload files larger than 5MB, and is highly recommended to be set.
* Check the cloudflare docs for the setup: https://developers.cloudflare.com/r2/data-access/public-buckets/#enable-public-access-for-your-bucket
*/
cloudflarePublicAccessUrl: env("CF_PUBLIC_ACCESS_URL"),
},
actionOptions: {
upload: {},
uploadStream: {},
delete: {},
},
},
},
// ...
});
Where to find the configuration options
You can find all needed values in the Cloudflare dashboard unter R2
. All your buckets, your account ID and the access keys can be found there.
https://<ACCOUNT_ID>.r2.cloudflarestorage.com
Manage R2 API Tokens
to create a new token.Manage R2 API Tokens
to create a new token.Due to the default settings in the Strapi Security Middleware you will need to modify the contentSecurityPolicy
settings to properly display thumbnail previews in the Media Library. You should replace the strapi::security
string with the object below instead as explained in the middleware configuration documentation.
./config/middlewares.js
module.exports = ({ env }) => [
// ...
{
name: "strapi::security",
config: {
contentSecurityPolicy: {
useDefaults: true,
directives: {
"connect-src": ["'self'", "https:"],
"img-src": [
"'self'",
"data:",
"blob:",
env("CF_PUBLIC_ACCESS_URL").replace(/^https?:\/\//, ""),
],
"media-src": [
"'self'",
"data:",
"blob:",
env("CF_PUBLIC_ACCESS_URL").replace(/^https?:\/\//, ""),
],
upgradeInsecureRequests: null,
},
},
},
},
// ...
];
aws-sdk
configuration and AWS_...
env variablesAs the Clouflare R2 spec follows the AWS S3 spec we make use of aws-sdk
package to communicate with Cloudflare R2. Because of this dependency all AWS_...
env variables used to configure the aws-sdk
are still beeing pulled in by this dependency. If you do not want to configure any special functionality of the aws-sdk
then make sure to remove all AWS_...
env variables in you deployment.
Do not forget to configure your R2 Endpoint CORS settings as described here: https://developers.cloudflare.com/r2/buckets/cors/
The simplest configuration is to allow GET from all origins:
[
{
"AllowedOrigins": ["*"],
"AllowedMethods": ["GET"]
}
]
More safe would be to only allow it from your Strapi deployment Origins (better for production):
[
{
"AllowedOrigins": ["YOUR STRAPI URL"],
"AllowedMethods": ["GET"]
}
]
Strapi Plugin developed and maintained by trieb.work cloud consulting
FAQs
Strapi Cloudflare R2+CDN provider for strapi upload
The npm package strapi-provider-cloudflare-r2 receives a total of 610 weekly downloads. As such, strapi-provider-cloudflare-r2 popularity was classified as not popular.
We found that strapi-provider-cloudflare-r2 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.