Deleted assets are still available

Not sure if this is a glitch or by design, but assets that are added to a project are still available through their url even if they are deleted, or if the entire project is deleted.

1 Like

That is an advantage for you. Probably takes time to completely delete them or they are saved in server.
I never said it is a issue just implementing, it is a advantage for us :wink:

I never said it was an issue, just wanted to point it out :grin:

1 Like

I just noticed this too. For me it is an issue. I have sensitive assets that need to be deleted, but they’re currently permanently exposed to the web! This definitely needs to be addressed :grimacing:

You definitely don’t put sensitive information in your assets… However, it may be because it is cached on your local machine, and not on the server.

1 Like

This is old and I haven’t used glitch for a while, but assets are served from a CDN, the whole point of which is caching. If I recall correctly, they are removed after a while.

Also regarding sensitive assets, this article says that they’re not meant to be private, so shouldn’t be used for that: “Files saves in project assets will still be public”.

If I recall correctly, they are removed after a while.

Are you sure about that? When you click “delete” on an asset there are no requests sent to the server (open the network panel in dev tools to see). It’s possible that there’s a cronjob regularly crawling all the .glitch-assets files in all projects to see which assets are still referenced by projects, but that seems like a weird way to implement asset deletion.

I agree it’s not meant for sensitive things, but there are times when you’ve uploaded something that you wanted to be public and then later it turns out you don’t want that to be available anymore. Proper deletion is obviously a feature that should be available, otherwise it’s “oh well, you made a mistake and now it’s on the internet forever ¯\_(ツ)_/¯” which is obviously not great.

@cori would you be able to chime in here?

Probably best to not ping individual support members and to instead use the @glitch_support group :slight_smile:

Plus Cori isn’t active on the forums.

Ah, thanks! I didn’t know about glitch_support.

1 Like

They are not removed. I downloaded one of old projects and checked .glitch-assets file,

{ 
      "name":"sensitiveImage.jpg", 
      "uuid":"AAAABBBBCCCCDDD", 
      "date":"2017-10-16T18:03:35.373Z",
      "url":"https://cdn.glitch.com/yourprojectabracadabra/sensitiveImage.jpg",
      "type":"image/jpeg",
      "size":1670429,
      "imageWidth":1920,
      "imageHeight":2560,
      "thumbnail":"https://cdn.glitch.com/yourprojectanotherabracadabra/sensitiveImage.jpg",
      "thumbnailWidth":248,
      "thumbnailHeight":330,
      "dominantColor":"rgb(124,92,83)"
}

That is the file that was deleted 3 years ago, it just have another item to map it with deleted boolean.

{"uuid":"AAAABBBBCCCCDDD","deleted":true}

So the point is the file deleted in 2016 and 2017 are still there (found many of them) with full urls that I was able to download in full resolution.

Its kinda issue. As you said, if you drag something by mistake or thinking that you can quickly remove it later - its there forever, and most cases user will not even know that its public and available forever
@glitch_support @tasha Please?

1 Like

@nonpensavo you could email support@glitch.com and ask them about this!

If you want an asset really deleted, the Glitch team would manually have to delete it from their S3 buck. Like @khalby786, you need to contact support@glitch.com.