Thank you, it was a big helper. I found all I needed thanks to you.
Cheers Geoffroy On Mar 12, 9:44 pm, Robert Walker <li...@ruby-forum.com> wrote: > Geoffroy Gomet wrote: > > How can I protect static assets behind authentication. > > I'm familliar with protecting dynamic pages but how to protect static > > files? > > > An example would be : someone login to my application, upload a > > picture and authorize only some users to see this picture. > > How to avoid someone to access the picture, even if this pperson knows > > the correct url of the file. > > > The solution is probably to let rails handle static files, but how to > > force this behavior and how to handle differents file types (probably > > through sendfile). > > In most production environments web resources (files under > $RAILS_ROOT/public) are served to the client by the web server (Apache, > Nginx, etc.). Your Rails application, and therefore your authentication, > are not involved at all. > > The easiest solution is to move the files you want to deliver outside of > the public folder and serve them to the client from your Rails > application using send_file: > > http://railsapi.com/doc/rails-v2.3.5/classes/ActionController/Streami... > > Take special note of the :x_sendfile option. This will basically hand > the bulk of the file streaming back to Apache. With send_file you'll be > able to control access to the protected files, by whatever means you > wish. You would then be able to send the files just as you would > normally send html to the client using Rails routing and controller > actions. > -- > Posted viahttp://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-t...@googlegroups.com. To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
