Using Activestorage how do I restrict a file that can only be accessed through links and not outside the website?
So if you copy the link of the rails blob and paste it ( incognito ) it basically downloads the file how is this remedied?
so if the link would be
https://p66.test:3000/rails/active_storage/blobs/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBEQT09IiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--490f8acaee978a2fea812761494b23b55702df37/users-2020-06-10.csv?disposition=attachment
how can I restrict a person from just using that link outside of the website?
I'd paypal $50 for the answer!
I think you can restrict the access by creating another controller route, which dynamically return data depending on request.referer.
So for example, you'd have DownloadsController
with a users_csv
action. You can then do
if URI(request.referer).host == 'myappdomain.com'
send_data ...
else
render json: { errors: ['Permission Denied'] }, status: 403
end