1 files changed, 17 insertions, 4 deletions

diff --git a/activestorage/app/controllers/active_storage/disk_controller.rb b/activestorage/app/controllers/active_storage/disk_controller.rb
index a7e10c0696..75cc11d6ff 100644
--- a/activestorage/app/controllers/active_storage/disk_controller.rb
+++ b/activestorage/app/controllers/active_storage/disk_controller.rb
@@ -4,13 +4,12 @@
 # This means using expiring, signed URLs that are meant for immediate access, not permanent linking.
 # Always go through the BlobsController, or your own authenticated controller, rather than directly
 # to the service url.
-class ActiveStorage::DiskController < ActionController::Base
-  skip_forgery_protection if default_protect_from_forgery
+class ActiveStorage::DiskController < ActiveStorage::BaseController
+  skip_forgery_protection
 
   def show
     if key = decode_verified_key
-      send_data disk_service.download(key),
-        disposition: params[:disposition], content_type: params[:content_type]
+      serve_file disk_service.path_for(key), content_type: params[:content_type], disposition: params[:disposition]
     else
       head :not_found
     end
@@ -40,6 +39,20 @@ class ActiveStorage::DiskController < ActionController::Base
       ActiveStorage.verifier.verified(params[:encoded_key], purpose: :blob_key)
     end
 
+    def serve_file(path, content_type:, disposition:)
+      Rack::File.new(nil).serving(request, path).tap do |(status, headers, body)|
+        self.status = status
+        self.response_body = body
+
+        headers.each do |name, value|
+          response.headers[name] = value
+        end
+
+        response.headers["Content-Type"] = content_type || DEFAULT_SEND_FILE_TYPE
+        response.headers["Content-Disposition"] = disposition || DEFAULT_SEND_FILE_DISPOSITION
+      end
+    end
+
 
     def decode_verified_token
       ActiveStorage.verifier.verified(params[:encoded_token], purpose: :blob_token)