Using Activestorage how do I restrict a file that can only be accessed through links and not outside the website?

PDG Creative asked in Rails

So if you copy the link of the Rails blob and paste it (incognito), it basically downloads the file. How is this remedied?

So if the link would be

https://p66.test:3000/rails/active_storage/blobs/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBEQT09IiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--490f8acaee978a2fea812761494b23b55702df37/users-2020-06-10.csv?disposition=attachment

How can I restrict a person from just using that link outside of the website?

I'd PayPal $50 for the answer!

I think you can restrict the access by creating another controller route, which dynamically returns data depending on request.referer.

So for example, you'd have DownloadsController with a users_csv action. You can then do

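# request.referer is nil when the client sends no Referer header, and URI(nil) raises
if request.referer.present? && URI(request.referer).host == 'myappdomain.com'
  send_data ...
else
  render json: { errors: ['Permission Denied'] }, status: 403
end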
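
Added example, not part of the original thread and not Rails' own code: the signed id in the link from the question is base64 JSON followed by `--` and a hex digest, and decoding it shows why the link works from any browser. The helper names are hypothetical, and the URL layout (signed id in the path segment after `blobs`) is assumed from the link quoted above.

```ruby
require "json"
require "time"
require "uri"

# The blob link quoted in the question above, used here as sample input.
SAMPLE_URL = "https://p66.test:3000/rails/active_storage/blobs/" \
  "eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBEQT09IiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19" \
  "--490f8acaee978a2fea812761494b23b55702df37/users-2020-06-10.csv?disposition=attachment"

# Hypothetical helper: pull the signed id out of a URL shaped like SAMPLE_URL.
def signed_id_from_url(url)
  segments = URI(url).path.split("/")
  idx = segments.index("blobs")
  raise ArgumentError, "not an Active Storage blob URL" if idx.nil? || segments[idx + 1].nil?
  segments[idx + 1]
end

# Hypothetical helper: read the metadata in "<base64 JSON>--<hex digest>".
# The digest is NOT verified here; that requires the application's secret.
def inspect_signed_id(signed_id, now: Time.now.utc)
  payload_b64, digest = signed_id.split("--", 2)
  raise ArgumentError, "expected <payload>--<digest>" if payload_b64.to_s.empty? || digest.to_s.empty?
  json = payload_b64.unpack1("m").force_encoding("UTF-8")
  meta = JSON.parse(json).fetch("_rails")
  expires_at = meta["exp"] ? Time.iso8601(meta["exp"]) : nil
  { purpose: meta["pur"], expires_at: expires_at,
    never_expires: expires_at.nil?,
    expired: !expires_at.nil? && expires_at <= now }
end

# Findings a reviewer would record for a link of this kind.
def findings_for(info)
  out = ["signed id carries no user or session: any holder of the link can use it"]
  out << "no expiry in the signed id: it does not time out on its own" if info[:never_expires]
  out << "expiry has passed" if info[:expired]
  out
end

if $PROGRAM_NAME == __FILE__
  info = inspect_signed_id(signed_id_from_url(SAMPLE_URL))
  puts info.inspect
  puts findings_for(info)
end
```

For the link in the question this reports purpose `blob_id` and no expiry, so access control has to be enforced by the controller that serves the file, based on the signed-in user.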