authorDavid Heinemeier Hansson <david@loudthinking.com>2017-07-24 14:16:55 -0500
committerDavid Heinemeier Hansson <david@loudthinking.com>2017-07-24 14:16:55 -0500
commitbb3458079e11c4a22271559413be4c9b901b4790 (patch)
tree70e767628ecaea7fcce6bc0a0f60587e5837a48c /app
parent6de1c0b7b5c35d0f1a19efc7c9d65af825d977ba (diff)
Finish basic documentation for controllers
Diffstat (limited to 'app')
-rw-r--r--app/controllers/active_storage/blobs_controller.rb2
-rw-r--r--app/controllers/active_storage/disk_controller.rb18
-rw-r--r--app/controllers/active_storage/variants_controller.rb4
3 files changed, 11 insertions, 13 deletions
diff --git a/app/controllers/active_storage/blobs_controller.rb b/app/controllers/active_storage/blobs_controller.rb
index cf5c008841..05af29f8b2 100644
--- a/app/controllers/active_storage/blobs_controller.rb
+++ b/app/controllers/active_storage/blobs_controller.rb
@@ -1,4 +1,4 @@
-# Take a signed permanent reference for a blob and turn it into an expiring service URL for its download.
+# Take a signed permanent reference for a blob and turn it into an expiring service URL for download.
# Note: These URLs are publicly accessible. If you need to enforce access protection beyond the
# security-through-obscurity factor of the signed blob references, you'll need to implement your own
# authenticated redirection controller.
diff --git a/app/controllers/active_storage/disk_controller.rb b/app/controllers/active_storage/disk_controller.rb
index 986eee6504..ff10cfba84 100644
--- a/app/controllers/active_storage/disk_controller.rb
+++ b/app/controllers/active_storage/disk_controller.rb
@@ -1,18 +1,12 @@
-# This controller is a wrapper around local file downloading. It allows you to
-# make abstraction of the URL generation logic and to serve files with expiry
-# if you are using the +Disk+ service.
-#
-# By default, mounting the Active Storage engine inside your application will
-# define a +/rails/blobs/:encoded_key/*filename+ route that will reference this
-# controller's +show+ action and will be used to serve local files.
-#
-# A URL for an attachment can be generated through its +#url+ method, that
-# will use the aforementioned route.
+# Serves files stored with the disk service in the same way that the cloud services do.
+# This means using expiring, signed URLs that are meant for immediate access, not permanent linking.
+# Always go through the BlobsController, or your own authenticated controller, rather than directly
+# to the service url.
class ActiveStorage::DiskController < ActionController::Base
def show
if key = decode_verified_key
- # FIXME: Do we need to sign or otherwise validate the content type?
- send_data disk_service.download(key), filename: params[:filename], disposition: disposition_param, content_type: params[:content_type]
+ send_data disk_service.download(key),
+ filename: params[:filename], disposition: disposition_param, content_type: params[:content_type]
else
head :not_found
end
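Review bot: The rewrapped `send_data` call in `show` still takes `filename`, `content_type` and the disposition from request parameters, and the commit removes the FIXME that questioned this without adding any validation. Only the key goes through `decode_verified_key`, so a holder of a valid URL can change the Content-Type the response is served with, which lets stored bytes be interpreted as active content in the application's origin. The content type and disposition should either be carried inside the signed payload or be restricted to an allowlist; until then keep a reminder such as `# FIXME: content_type and disposition are unsigned request params; sign them with the key or allowlist them`. `disposition_param` is defined outside the hunk, so whether it already constrains its value cannot be confirmed from here, and the class body continues past the hunk.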
diff --git a/app/controllers/active_storage/variants_controller.rb b/app/controllers/active_storage/variants_controller.rb
index 5d5dd1a63c..aa38f8e928 100644
--- a/app/controllers/active_storage/variants_controller.rb
+++ b/app/controllers/active_storage/variants_controller.rb
@@ -1,5 +1,9 @@
require "active_storage/variant"
+# Take a signed permanent reference for a variant and turn it into an expiring service URL for download.
+# Note: These URLs are publicly accessible. If you need to enforce access protection beyond the
+# security-through-obscurity factor of the signed blob and variation reference, you'll need to implement your own
+# authenticated redirection controller.
class ActiveStorage::VariantsController < ActionController::Base
def show
if blob = find_signed_blob