Ask A Question

Notifications

You’re not receiving notifications from this thread.

Using Activestorage how do I restrict a file that can only be accessed through links and not outside the website?

PDG+creative asked in Rails

So if you copy the link of the rails blob and paste it ( incognito ) it basically downloads the file how is this remedied?

Reply

so if the link would be

https://p66.test:3000/rails/active_storage/blobs/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBEQT09IiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--490f8acaee978a2fea812761494b23b55702df37/users-2020-06-10.csv?disposition=attachment

how can I restrict a person from just using that link outside of the website?

I'd paypal $50 for the answer!

Reply

I think you can restrict the access by creating another controller route, which dynamically return data depending on request.referer.

So for example, you'd have DownloadsController with a users_csv action. You can then do

if URI(request.referer).host == 'myappdomain.com'
  send_data ...
else
  render json: { errors: ['Permission Denied'] }, status: 403
end
Reply
Reply
Join the discussion
Create an account Log in

Want to stay up-to-date with Ruby on Rails?

Join 85,376+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.