R
R
Ruslan Galiev2014-07-23 14:14:26
Ruby on Rails
Ruslan Galiev, 2014-07-23 14:14:26

Rails + Devise how to prevent unauthorized users from accessing files in the public directory?

Hello
Tell me how you can restrict access to files in the public directory to unauthorized users:

http://server.com/uploads/product_photo/02d13ce6-ff11-4194-ba86-b1ab38d90ed7.jpg

such requests are not authorized. If the only option is to move the photos to another directory, then which tmp ?

Answer the question

In order to leave comments, you need to log in

2 answer(s)
I
Ivan Kryak, 2014-07-24
@HerMajor

1. close the /uploads/product_photo folder with nginx
2. Add a controller/method in the application that will receive the file name, check the file for existence, check user authorization
3. If everything is ok, send the file using send_file

D
Dmitry Snegirev, 2014-07-23
@Rikkit

As far as I understand in rails, you cannot restrict access to files in the /public folder, for good they are given directly through nginx.
The folder can be used /private/uploads for example. A logical contrast to the public folder.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question