nginx configuration change to deny access to active_storage blobs #1081
Conversation
Should be handled in the background and not grant access to the average user.
Thumbnails etc. appear to continue to work with this change.
We should configure Apache to return
510 Not Extended 410 Gone 403 Forbidden
I wonder if 403 is a more proper response? The content is not gone, but just not permitted to be viewed through certain routes? We'd be able to use .htaccess file:
Or in apache configuration:
As discussed this morning: since we'll never serve to the public from this URI again, I think 410 is appropriate: there's no point in any external system remembering this URI for any kind of future access. (And sorry about the 510 Can't Remember Response Code error)
I suppose the fully correct response would be a
I've emailed @henryzhang87 asking for the configuration change as outlined in @weiweishi 's comment above, with 410 response codes.
Since the equivalent is already in production can we merge this to catch up uat? |
This looks good to me.
The equivalent for apache (jupiter.conf) is
1. Use the docker deployment images.
2. Visit localhost and pick an item with download. Make note of the id, for example '8927cb4f-9d9c-4cd1-b2cb-78aad9cc536a'.
3. In the rails console find a blob url.
4. Make note of the response. It will be something like
   http://uat.library.ualberta.ca/rails/active_storage/blobs/qaqoPUYCMvwp9GPoNBeaT8DK/840559b8-e953-4606-b417-546b0fb27f16
5. From this branch you should not be able to visit the url, but all the variants for thumbnails should still work.
6. From the master branch
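The config this thread converges on (deny the public blob route with a 410, keep thumbnails working) looks like the following in nginx. This is an added example, not the project's own nginx or jupiter.conf configuration. It assumes the Rails app sits behind an upstream named `jupiter` on port 3000 and uses the pre-6.1 Active Storage route layout, which is what the sample blob URL in the testing steps shows: direct downloads live under `/rails/active_storage/blobs/`, while variants (thumbnails) are served under `/rails/active_storage/representations/` and, with the Disk service, `/rails/active_storage/disk/`. Denying only the `blobs` prefix is why thumbnails keep working.

```nginx
# Added example (assumed layout; not the project's configuration).
upstream jupiter {
    server 127.0.0.1:3000;   # assumed app address
}

server {
    listen 80;
    server_name uat.library.ualberta.ca;   # hostname from the thread's sample URL

    # Direct blob downloads will never be served to the public from this URI
    # again, so answer 410 Gone as agreed in the thread (403 if "forbidden"
    # semantics are preferred). "^~" makes this prefix match take priority over
    # any regex locations, and "return" answers before anything is proxied,
    # so the request never reaches Rails.
    location ^~ /rails/active_storage/blobs/ {
        return 410;
    }

    # Variants (thumbnails) still reach the app; listed explicitly to document
    # that they are intentionally allowed.
    location ^~ /rails/active_storage/representations/ {
        proxy_pass http://jupiter;
        proxy_set_header Host $host;
    }

    # Only needed when Active Storage uses the Disk service; variant redirects
    # land here.
    location ^~ /rails/active_storage/disk/ {
        proxy_pass http://jupiter;
        proxy_set_header Host $host;
    }

    location / {
        proxy_pass http://jupiter;
        proxy_set_header Host $host;
    }
}
```

Check it with `nginx -t` before reloading; afterwards `curl -I http://uat.library.ualberta.ca/rails/active_storage/blobs/x/y` should answer `410 Gone` for any path under that prefix, while a thumbnail's `representations` URL still returns whatever the app answers. The same intent in Apache (the jupiter.conf equivalent the description mentions) can be expressed with mod_alias, e.g. `RedirectMatch gone ^/rails/active_storage/blobs/`.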