Mastodon loaded assets opening as attachments instead of inline

I’m attaching a comment that I’ve received from a Mastodon member concerning the images that we have loaded from Storj on our instance. Basically, if you view an image from the web app, it displays inline. If you then click to enlarge that image and try to do something such as open in a new tab, copy that link, download, etc, it takes you to an attachment page instead of the inline image.

We did go through the step of changing /s/ to /raw/ as outlined here in the Storj Mastodon doc

I think something has changed re pictures.

When I right-click on a picture to open in new tab, Firefox only saves to disk.

I guess I found the reason: “Content-Disposition” is “attachment” instead of “inline”.


all images on all instances.

Example: Decolonize Your Bookshelf🧡: "As a little girl, I only ever saw people like me …" - Mastodon

If I first click to open (as an overlay), then right-click “open in new tab”, I get this URL:

(notice the “techlgbt/cache”!)

and Firefox wants to save.

When I right-click + “open in new tab” on the image in the post, the URL is

[URL of asset from third-party instance storage]

and it opens in a new tab

So I guess, it’s mastodons caching itself.

One suggestion is that the content header of “Content-Disposition” is “attachment” instead of “inline”.

Is this something that we can change in our Storj configuration?


For a number of security and phishing reasons, itself won’t serve raw content without a download attachment disposition. However, this requirement goes away if you use your own domain name for your Storj bucket, instead of

Please see the note in the bottom paragraph of Mastodon - Storj DCS Docs for more details!


Thank you for the quick response. I’ve tried setting up a subdomain of my instance to use as the domain, and set the DNS records up.

These URLs do not appear to be working to view content, and the error that I’m getting is a Storj page that says “Malformed request. Please try again.”

I’m unsure, having followed the details on setting up a subdomain, what I should be using for , if anything, since I am only using the bucket for the one site.

Additionally, since the subdomain is pointing to Storj, am I able to use certbot to self-sign a Let’s Encrypt certificate from my server, or is a third party solution required to get an SSL certificate?

It’s tough to say what’s configured wrong without more details. If you want to send the domain name in to we can take a look at the configuration.

In terms of TLS certs for the domain, we don’t currently offer TLS (though we’re working on adding it!). A good way to add TLS for the domain is to use a third party solution such as Cloudflare’s free TLS cert wrapping service.

Good luck!

1 Like

Such error usually appear when you did not configure the DNS properly.
It should have these records:

$TTL    3600
www    	    IN	CNAME
txt-www 	IN	TXT  	storj-root:<bucket>/<prefix>
txt-www 	IN	TXT  	storj-access:<access key>

And you can use the domain name as an URL for your bucket, i.e.

Regarding TLS, you may also use your own reverse-proxy with TLS support (NGINX for example) on your server, where you run mastodon.