- Move secure media cache seconds into hidden site setting and increase cache time and presigned URL expiry to 5 minutes
- Change uploads controller to respect this as well as the presigned URL expiry. Secure media route expires in 5 mins - 5 seconds, and the presigned url expires in 5 mins.
- This is done because of the composer preview refreshing while typing causes a lot of requests sent to our server because of the short URL expiry. If this ends up being not enough we can always increase the time or explore other avenues (e.g. GitHub has a 7 day validity for secure URLs)
Now that this is a variable, should we run this validation in a site setting validator?
This looks good to me, I just think we should add a minimum and maximum value for the site setting to make sure it can’t be broken by accident. Maybe minimum 10, maximum 1080 (1 week)?
The title of this pull request changed from “FIX: Move secure media cache seconds into hidden site setting and increase time” to "FIX: Increase time of DOWNLOAD_URL_EXPIRES_AFTER_SECONDS to 5 minutes
This pull request has been mentioned on Discourse Meta. There might be relevant details there: