How can I protect static assets behind authentication? I'm familiar with protecting dynamic pages, but how do I protect static files?

An example would be: someone logs in to my application, uploads a picture and authorizes only some users to see this picture. How to prevent someone from accessing the picture, even if this person knows the correct URL of the file?

The solution is probably to let Rails handle static files, but how to force this behavior and how to handle different file types (probably through sendfile)?

Greetz
Geoffroy Gomet wrote:
> How can I protect static assets behind authentication.
> I'm familiar with protecting dynamic pages but how to protect static
> files?
>
> An example would be : someone login to my application, upload a
> picture and authorize only some users to see this picture.
> How to avoid someone to access the picture, even if this person knows
> the correct url of the file.
>
> The solution is probably to let rails handle static files, but how to
> force this behavior and how to handle different file types (probably
> through sendfile).

In most production environments web resources (files under $RAILS_ROOT/public) are served to the client by the web server (Apache, Nginx, etc.). Your Rails application, and therefore your authentication, are not involved at all.

The easiest solution is to move the files you want to deliver outside of the public folder and serve them to the client from your Rails application using send_file:

http://railsapi.com/doc/rails-v2.3.5/classes/ActionController/Streaming.html#M001587

Take special note of the :x_sendfile option. This will basically hand the bulk of the file streaming back to Apache. With send_file you'll be able to control access to the protected files, by whatever means you wish. You would then be able to send the files just as you would normally send HTML to the client using Rails routing and controller actions.
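The access decision described in the reply above, as an added example that is not part of the original thread. It is plain Ruby rather than a Rails controller so it runs on its own; `Picture`, `serve_picture` and `PROTECTED_ROOT` are hypothetical names, and the sample record and file are constructed.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical storage root, deliberately outside RAILS_ROOT/public so the
# web server never serves these files without going through the application.
PROTECTED_ROOT = File.join(Dir.tmpdir, "protected_uploads_example")

# Constructed record: stored file name plus the ids of users allowed to view it.
Picture = Struct.new(:id, :stored_name, :content_type, :viewer_ids)

# Returns a Rack-style [status, headers] pair. In a Rails controller action the
# 200 branch corresponds to:
#   send_file path, :type => picture.content_type, :x_sendfile => true
def serve_picture(picture, user_id, root = PROTECTED_ROOT)
  return [401, {}] if user_id.nil?   # not logged in
  return [404, {}] if picture.nil?
  # Answer "not allowed" exactly like "missing", so knowing or guessing a URL
  # reveals nothing about which pictures exist.
  return [404, {}] unless picture.viewer_ids.include?(user_id)

  # Build the path from the stored name and confirm it stays inside the
  # protected root before handing it to the web server.
  root_real = File.realpath(root)
  path = File.expand_path(picture.stored_name, root_real)
  inside = path.start_with?(root_real + File::SEPARATOR)
  return [404, {}] unless inside && File.file?(path)

  # With X-Sendfile the application only authorizes; the web server
  # (Apache in the reply above) streams the bytes.
  [200, { "Content-Type" => picture.content_type,
          "Content-Disposition" => "inline",
          "X-Sendfile" => path }]
end

# Constructed sample data for a stand-alone run.
FileUtils.mkdir_p(PROTECTED_ROOT)
File.write(File.join(PROTECTED_ROOT, "42.jpg"), "constructed image bytes")
SAMPLE = Picture.new(42, "42.jpg", "image/jpeg", [1, 2])

if __FILE__ == $0
  [1, 3, nil].each do |uid|
    puts "user #{uid.inspect}: #{serve_picture(SAMPLE, uid).first}"
  end
end
```
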
Thank you, it was a big help. I found all I needed thanks to you.

Cheers
Geoffroy

On Mar 12, 9:44 pm, Robert Walker wrote:
> Geoffroy Gomet wrote:
> > How can I protect static assets behind authentication.
> > I'm familiar with protecting dynamic pages but how to protect static
> > files?
> >
> > An example would be : someone login to my application, upload a
> > picture and authorize only some users to see this picture.
> > How to avoid someone to access the picture, even if this person knows
> > the correct url of the file.
> >
> > The solution is probably to let rails handle static files, but how to
> > force this behavior and how to handle different file types (probably
> > through sendfile).
>
> In most production environments web resources (files under
> $RAILS_ROOT/public) are served to the client by the web server (Apache,
> Nginx, etc.). Your Rails application, and therefore your authentication,
> are not involved at all.
>
> The easiest solution is to move the files you want to deliver outside of
> the public folder and serve them to the client from your Rails
> application using send_file:
>
> http://railsapi.com/doc/rails-v2.3.5/classes/ActionController/Streami...
>
> Take special note of the :x_sendfile option. This will basically hand
> the bulk of the file streaming back to Apache. With send_file you'll be
> able to control access to the protected files, by whatever means you
> wish. You would then be able to send the files just as you would
> normally send html to the client using Rails routing and controller
> actions.