Add comment to explain security concerns when using presigned URL

Signed-off-by: Daniel San <[email protected]>
parse-community · Feb 2, 2021 · 8edfec0 · 8edfec0
1 parent 2330ac6
commit 8edfec0
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/index.js b/index.js
@@ -184,6 +184,8 @@ class S3Adapter {
     let presignedUrl = '';
     if (this._presignedUrl) {
       const params = { Bucket: this._bucket, Key: fileKey, Expires: this._presignedUrlExpires };
+      // Always use the "getObject" operation, and we recommend that you protect the URL appropriately:
+      // https://docs.aws.amazon.com/AmazonS3/latest/dev/ShareObjectPreSignedURL.html
       presignedUrl = this._s3Client.getSignedUrl('getObject', params);
       if (!this._baseUrl) {
         return presignedUrl;