diff --git a/server/presenters/env.ts b/server/presenters/env.ts
index 98e6aa9ea..270683fd3 100644
--- a/server/presenters/env.ts
+++ b/server/presenters/env.ts
@@ -6,6 +6,7 @@ export default function present(env: Record<string, any>): PublicEnv {
   return {
     URL: env.URL.replace(/\/$/, ""),
     AWS_S3_UPLOAD_BUCKET_URL: env.AWS_S3_UPLOAD_BUCKET_URL,
+    AWS_S3_ACCELERATE_URL: env.AWS_S3_ACCELERATE_URL,
     CDN_URL: (env.CDN_URL || "").replace(/\/$/, ""),
     COLLABORATION_URL: (env.COLLABORATION_URL || env.URL)
       .replace(/\/$/, "")
diff --git a/shared/editor/rules/attachments.ts b/shared/editor/rules/attachments.ts
index 328c96d01..5ea0385dd 100644
--- a/shared/editor/rules/attachments.ts
+++ b/shared/editor/rules/attachments.ts
@@ -21,8 +21,12 @@ function isLinkClose(token: Token) {
 function isAttachment(token: Token) {
   const href = token.attrGet("href");
   return (
-    href?.includes("attachments.redirect") ||
-    href?.startsWith(env.AWS_S3_UPLOAD_BUCKET_URL)
+    // internal
+    href?.startsWith("/api/attachments.redirect") ||
+    // external (public share are pre-signed and this is a reasonable way of detecting them)
+    ((href?.startsWith(env.AWS_S3_UPLOAD_BUCKET_URL) ||
+      href?.startsWith(env.AWS_S3_ACCELERATE_URL)) &&
+      href?.includes("X-Amz-Signature"))
   );
 }
 
diff --git a/shared/types.ts b/shared/types.ts
index 76d45f8a9..8587840c3 100644
--- a/shared/types.ts
+++ b/shared/types.ts
@@ -7,6 +7,7 @@ export type PublicEnv = {
   CDN_URL: string;
   COLLABORATION_URL: string;
   AWS_S3_UPLOAD_BUCKET_URL: string;
+  AWS_S3_ACCELERATE_URL: string;
   DEPLOYMENT: "hosted" | "";
   ENVIRONMENT: "production" | "development";
   SENTRY_DSN: string | undefined;