diff options
author | George Claghorn <george@basecamp.com> | 2017-12-15 19:26:53 -0500 |
---|---|---|
committer | George Claghorn <george@basecamp.com> | 2017-12-15 19:26:53 -0500 |
commit | af0caadb8d9781770399c1804976af4a71d1313b (patch) | |
tree | 19fe95a35822990cba61915b3efd38b4ed5f1513 /activestorage/app/controllers/active_storage/blobs_controller.rb | |
parent | ca2c4cb7c4ee2f126e65ade6192a0c6b5ec58ffc (diff) | |
download | rails-af0caadb8d9781770399c1804976af4a71d1313b.tar.gz rails-af0caadb8d9781770399c1804976af4a71d1313b.tar.bz2 rails-af0caadb8d9781770399c1804976af4a71d1313b.zip |
Handle invalid signed blob IDs gracefully
Diffstat (limited to 'activestorage/app/controllers/active_storage/blobs_controller.rb')
-rw-r--r-- | activestorage/app/controllers/active_storage/blobs_controller.rb | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/activestorage/app/controllers/active_storage/blobs_controller.rb b/activestorage/app/controllers/active_storage/blobs_controller.rb index a17e3852f9..fa44131048 100644 --- a/activestorage/app/controllers/active_storage/blobs_controller.rb +++ b/activestorage/app/controllers/active_storage/blobs_controller.rb @@ -5,12 +5,10 @@ # security-through-obscurity factor of the signed blob references, you'll need to implement your own # authenticated redirection controller. class ActiveStorage::BlobsController < ActionController::Base + include ActiveStorage::SetBlob + def show - if blob = ActiveStorage::Blob.find_signed(params[:signed_id]) - expires_in ActiveStorage::Blob.service.url_expires_in - redirect_to blob.service_url(disposition: params[:disposition]) - else - head :not_found - end + expires_in ActiveStorage::Blob.service.url_expires_in + redirect_to @blob.service_url(disposition: params[:disposition]) end end |