Answer the question
In order to leave comments, you need to log in
Rails + Devise how to prevent unauthorized users from accessing files in the public directory?
Hello
Tell me how you can restrict access to files in the public directory to unauthorized users:
http://server.com/uploads/product_photo/02d13ce6-ff11-4194-ba86-b1ab38d90ed7.jpg
Answer the question
In order to leave comments, you need to log in
1. close the /uploads/product_photo folder with nginx
2. Add a controller/method in the application that will receive the file name, check the file for existence, check user authorization
3. If everything is ok, send the file using send_file
As far as I understand in rails, you cannot restrict access to files in the /public folder, for good they are given directly through nginx.
The folder can be used /private/uploads for example. A logical contrast to the public folder.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question