HTTP 403 when accessing an object in the bucket with public access prevention #175

Open
manoharramarao opened this issue Aug 4, 2023 · 3 comments

Comments

@manoharramarao

Describe the bug
If the Google Cloud Storage bucket has Prevent Public Access turned on, then it is able to upload the file but can't download the file or view the file with its thumbnail inside the Strapi admin panel.

To Reproduce
Steps to reproduce the behavior:

  1. Create a bucket in Google Cloud Storage
  2. Navigate to buckets > in Google Cloud console
  3. Click on Permissions
  4. Click on Prevent Public Access
  5. In the Strapi admin panel, go to the media library and try adding a new asset.
  6. The file gets uploaded but the thumbnail will not be shown

Expected behavior
The thumbnail needs to be shown, and on clicking the edit button > clicking the download button, it should allow downloading the file.

@chereranull

I had the same error. You need to update the security middleware.
You're blocked by CSP.

@Fryuni

Fryuni commented Oct 25, 2023

The result of getSignedUrl is being appended with updatedAt=<current time> to form the thumbnail URL on the list page. This makes the request fail with mismatching signatures.

When you click on any such image, the thumbnail shown on the "details" modal has the same URL but without the updatedAt so the image loads fine.

It is unclear to me whether the updatedAt parameter is added by this plugin or by Strapi itself. If it is indeed this plugin's responsibility, then this problem can be fixed by clearing the cache of the stored signed URL whenever the image is updated or by including the update time in the signed blob.

If this is done at a layer above this plugin, on Strapi itself, then this problem is more tricky.

@Fryuni

Fryuni commented Oct 25, 2023

Indeed this is a problem on Strapi itself
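
The signature mismatch described in the comments above, as an added illustration that is not part of the issue thread or of the plugin's or Strapi's code. It uses a simplified HMAC-signed URL as a stand-in for Google Cloud Storage signing (which likewise covers the query string); the host, key, `expires` parameter and function names are constructed for the example.

```javascript
// Added example: simplified signed-URL scheme (HMAC over method, path and query).
// Assumption: this is NOT the GCS signing algorithm, only a model of the same property.
const crypto = require("crypto");

const KEY = "constructed-demo-key"; // constructed secret, for illustration only

// Canonical query: every parameter except the signature itself, sorted by name.
function canonicalQuery(params) {
  return [...params.entries()]
    .filter(([k]) => k !== "sig")
    .sort(([a], [b]) => (a < b ? -1 : a > b ? 1 : 0))
    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
    .join("&");
}

function mac(pathname, params) {
  return crypto.createHmac("sha256", KEY)
    .update(`GET\n${pathname}\n${canonicalQuery(params)}`)
    .digest("hex");
}

// Sign a URL; extraParams are added BEFORE signing, so the signature covers them.
function signUrl(rawUrl, extraParams = {}) {
  const url = new URL(rawUrl);
  for (const [k, v] of Object.entries(extraParams)) url.searchParams.set(k, v);
  url.searchParams.set("sig", mac(url.pathname, url.searchParams));
  return url.toString();
}

// Server-side check: recompute the MAC over what was actually requested.
function verifyUrl(rawUrl) {
  const url = new URL(rawUrl);
  const given = Buffer.from(url.searchParams.get("sig") || "", "hex");
  const expected = Buffer.from(mac(url.pathname, url.searchParams), "hex");
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

function demo() {
  const objectUrl = "https://storage.example.test/bucket/photo.png?expires=1700000000";
  const updatedAt = "2023-10-25T12:00:00.000Z"; // constructed timestamp
  const signed = signUrl(objectUrl);
  return {
    detailsModal: verifyUrl(signed),                          // URL used unchanged
    listPage: verifyUrl(`${signed}&updatedAt=${updatedAt}`),  // appended after signing
    signedWithUpdate: verifyUrl(signUrl(objectUrl, { updatedAt })), // included in signed data
  };
}

console.log(demo());
```
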
