diff options
| author | David Heinemeier Hansson <david@loudthinking.com> | 2017-07-23 11:06:06 -0500 |
|---|---|---|
| committer | David Heinemeier Hansson <david@loudthinking.com> | 2017-07-23 11:06:06 -0500 |
| commit | c285c6824dc186e00040b7283877fea917050275 (patch) | |
| tree | a476b09a5702796e18fe4ec753919afae6832d79 /app/controllers | |
| parent | 46da4ee7daf1ecaa2fc47a260ccb58e119a1b5ea (diff) | |
| download | rails-c285c6824dc186e00040b7283877fea917050275.tar.gz rails-c285c6824dc186e00040b7283877fea917050275.tar.bz2 rails-c285c6824dc186e00040b7283877fea917050275.zip | |
Provide a BlobsController for stable blob URLs
We need to have stable urls for blobs and variants or caching won't work. So provide a controller that can give that and redirect to the service URL upon lookup.
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/active_storage/blobs_controller.rb | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/app/controllers/active_storage/blobs_controller.rb b/app/controllers/active_storage/blobs_controller.rb new file mode 100644 index 0000000000..5a527d0a33 --- /dev/null +++ b/app/controllers/active_storage/blobs_controller.rb @@ -0,0 +1,22 @@ +# Take a signed permanent reference for a blob and turn it into an expiring service URL for its download. +# Note: These URLs are publicly accessible. If you need to enforce access protection beyond the +# security-through-obscurity factor of the signed blob references, you'll need to implement your own +# authenticated redirection controller. +class ActiveStorage::BlobsController < ActionController::Base + def show + if blob = find_signed_blob + redirect_to blob.url(disposition: disposition_param) + else + head :not_found + end + end + + private + def find_signed_blob + ActiveStorage::Blob.find_signed(params[:signed_id]) + end + + def disposition_param + params[:disposition].presence_in(%w( inline attachment )) || "inline" + end +end |