Is there a way to secure uploaded photos that are shared in a non-public post? I’m new and have been testing my installation, and it seems that all photos, regardless of the aspects they are shared with, can be accessed on “/uploads/path_to_image.png”. My static files are currently being served by NGINX, which has no knowledge of users or roles. I was wondering if somebody has tackled this already in some way.
There has been a discussion about this exact topic less than two weeks ago:
Ah, thanks! Completely missed that.