Diffstat (limited to 'activestorage/app/controllers/active_storage')
-rw-r--r-- | activestorage/app/controllers/active_storage/base_controller.rb | 10 | ||||
-rw-r--r-- | activestorage/app/controllers/active_storage/blobs_controller.rb | 2 | ||||
-rw-r--r-- | activestorage/app/controllers/active_storage/direct_uploads_controller.rb | 4 | ||||
-rw-r--r-- | activestorage/app/controllers/active_storage/disk_controller.rb | 4 | ||||
-rw-r--r-- | activestorage/app/controllers/active_storage/previews_controller.rb | 10 | ||||
-rw-r--r-- | activestorage/app/controllers/active_storage/representations_controller.rb (renamed from activestorage/app/controllers/active_storage/variants_controller.rb) | 6 |
6 files changed, 18 insertions, 18 deletions
diff --git a/activestorage/app/controllers/active_storage/base_controller.rb b/activestorage/app/controllers/active_storage/base_controller.rb
new file mode 100644
index 0000000000..59312ac8df
--- /dev/null
+++ b/activestorage/app/controllers/active_storage/base_controller.rb
@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# The base controller for all ActiveStorage controllers.
+class ActiveStorage::BaseController < ActionController::Base
+ protect_from_forgery with: :exception
+
+ before_action do
+ ActiveStorage::Current.host = request.base_url
+ end
+end
diff --git a/activestorage/app/controllers/active_storage/blobs_controller.rb b/activestorage/app/controllers/active_storage/blobs_controller.rb
index fa44131048..92e54c386d 100644
--- a/activestorage/app/controllers/active_storage/blobs_controller.rb
+++ b/activestorage/app/controllers/active_storage/blobs_controller.rb
@@ -4,7 +4,7 @@
 # Note: These URLs are publicly accessible. If you need to enforce access protection beyond the
 # security-through-obscurity factor of the signed blob references, you'll need to implement your own
 # authenticated redirection controller.
-class ActiveStorage::BlobsController < ActionController::Base
+class ActiveStorage::BlobsController < ActiveStorage::BaseController
 include ActiveStorage::SetBlob
 
 def show
diff --git a/activestorage/app/controllers/active_storage/direct_uploads_controller.rb b/activestorage/app/controllers/active_storage/direct_uploads_controller.rb
index 205d173648..78b43fc94c 100644
--- a/activestorage/app/controllers/active_storage/direct_uploads_controller.rb
+++ b/activestorage/app/controllers/active_storage/direct_uploads_controller.rb
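Review bot: In `base_controller.rb`, the `before_action` copies `request.base_url` into `ActiveStorage::Current.host`, and that value is built from the request's Host header, which the client supplies. Where `Current.host` is consumed is not visible in this diff; if it ends up in generated service URLs, a forged Host header would flow into links the application hands out unless the deployment restricts accepted hosts at the proxy or application level. I would record that assumption on the class, e.g. `# Sets ActiveStorage::Current.host from the request; relies on the app or proxy rejecting unexpected Host headers.`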
@@ -3,7 +3,7 @@
 # Creates a new blob on the server side in anticipation of a direct-to-service upload from the client side.
 # When the client-side upload is completed, the signed_blob_id can be submitted as part of the form to reference
 # the blob that was created up front.
-class ActiveStorage::DirectUploadsController < ActionController::Base
+class ActiveStorage::DirectUploadsController < ActiveStorage::BaseController
 def create
 blob = ActiveStorage::Blob.create_before_direct_upload!(blob_args)
 render json: direct_upload_json(blob)
@@ -15,7 +15,7 @@ class ActiveStorage::DirectUploadsController < ActionController::Base
 end
 
 def direct_upload_json(blob)
- blob.as_json(methods: :signed_id).merge(direct_upload: {
+ blob.as_json(root: false, methods: :signed_id).merge(direct_upload: {
 url: blob.service_url_for_direct_upload,
 headers: blob.service_headers_for_direct_upload
 })
diff --git a/activestorage/app/controllers/active_storage/disk_controller.rb b/activestorage/app/controllers/active_storage/disk_controller.rb
index a7e10c0696..7bc5eb3fdb 100644
--- a/activestorage/app/controllers/active_storage/disk_controller.rb
+++ b/activestorage/app/controllers/active_storage/disk_controller.rb
@@ -4,8 +4,8 @@
 # This means using expiring, signed URLs that are meant for immediate access, not permanent linking.
 # Always go through the BlobsController, or your own authenticated controller, rather than directly
 # to the service url.
-class ActiveStorage::DiskController < ActionController::Base
- skip_forgery_protection if default_protect_from_forgery
+class ActiveStorage::DiskController < ActiveStorage::BaseController
+ skip_forgery_protection
 
 def show
 if key = decode_verified_key
diff --git a/activestorage/app/controllers/active_storage/previews_controller.rb b/activestorage/app/controllers/active_storage/previews_controller.rb
deleted file mode 100644
index aa7ef58ca4..0000000000
--- a/activestorage/app/controllers/active_storage/previews_controller.rb
+++ /dev/null
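Review bot: The class comment on `DirectUploadsController` does not mention that `create` now inherits `protect_from_forgery with: :exception` from `ActiveStorage::BaseController`, which appears to apply whatever the application's own forgery default is. A client that posts here without a valid authenticity token will get an exception instead of a blob, so the requirement belongs in the header comment, e.g. `# Requests must carry a valid CSRF token; forgery protection is inherited from ActiveStorage::BaseController.` The class body continues outside the hunk.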
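Review bot: `blob.as_json(root: false, methods: :signed_id)` in `direct_upload_json` has no `only:` allowlist, so every attribute of the blob record is serialized into the response, and any column added later is exposed by default. The blob's columns are not visible in this diff, so I cannot say which of them the client-side uploader actually needs. Consider passing `only:` with just those fields alongside `methods: :signed_id`, so the response shape is an explicit contract rather than a mirror of the table.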
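Review bot: `skip_forgery_protection` in `DiskController` is now unconditional, and nothing in the class comment explains why dropping the CSRF check is safe here. The visible `if key = decode_verified_key` suggests requests are authorized by a signed key in the URL rather than by the session; whether that holds for every action cannot be confirmed from the hunk, since the class body continues outside it. If it does, say so next to the call: `# No CSRF check: each request is authorized by the signed, expiring key in the URL, not by session state.`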
@@ -1,10 +0,0 @@
-# frozen_string_literal: true
-
-class ActiveStorage::PreviewsController < ActionController::Base
- include ActiveStorage::SetBlob
-
- def show
- expires_in ActiveStorage::Blob.service.url_expires_in
- redirect_to ActiveStorage::Preview.new(@blob, params[:variation_key]).processed.service_url(disposition: params[:disposition])
- end
-end
diff --git a/activestorage/app/controllers/active_storage/variants_controller.rb b/activestorage/app/controllers/active_storage/representations_controller.rb
index e8f8dd592d..ce9286db7d 100644
--- a/activestorage/app/controllers/active_storage/variants_controller.rb
+++ b/activestorage/app/controllers/active_storage/representations_controller.rb
@@ -1,14 +1,14 @@
 # frozen_string_literal: true
 
-# Take a signed permanent reference for a variant and turn it into an expiring service URL for download.
+# Take a signed permanent reference for a blob representation and turn it into an expiring service URL for download.
 # Note: These URLs are publicly accessible. If you need to enforce access protection beyond the
 # security-through-obscurity factor of the signed blob and variation reference, you'll need to implement your own
 # authenticated redirection controller.
-class ActiveStorage::VariantsController < ActionController::Base
+class ActiveStorage::RepresentationsController < ActiveStorage::BaseController
 include ActiveStorage::SetBlob
 
 def show
 expires_in ActiveStorage::Blob.service.url_expires_in
- redirect_to ActiveStorage::Variant.new(@blob, params[:variation_key]).processed.service_url(disposition: params[:disposition])
+ redirect_to @blob.representation(params[:variation_key]).processed.service_url(disposition: params[:disposition])
 end
 end |
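Review bot: In `RepresentationsController#show`, `params[:disposition]` goes from the query string into `service_url` without validation, on a URL the header comment describes as publicly accessible. Whether the storage service sanitizes the value is not visible in this diff, so the controller should not depend on it. Restricting the parameter to the two expected values keeps the redirect safe on its own: `service_url(disposition: params[:disposition].presence_in(%w[inline attachment]))`. An absent parameter already yields `nil` today, so callers that omit it see no change.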