Overview

I configured Strapi with the following plugin to store media in S3.

https://www.npmjs.com/package/@liashchynskyi/strapi-provider-upload-s3-cloudfront

At that time, the following error occurred and images were not displayed.

Refusedtoloadtheimage'https://xxx/uploads/yyy.jpg'becauseitviolatesthefollowingContentSecurityPolicydirective:"img-src'self'data:blob:dl.airtable.com".

I was able to resolve this issue by modifying ./config/middleware.js, as described in the following article.

https://zenn.dev/studiobros/articles/04400f413eb2aa

Regarding ACL

Similarly, I also encountered a situation where media could not be uploaded to S3. However, as described in the above article, by enabling S3 ACL and configuring the appropriate Block Public Access (bucket settings), I was able to upload successfully.

Summary

I hope this serves as a useful reference for building a headless CMS combining Strapi and S3.