Hicham Zouarhi
Reputation: 1060
How to block access to public/assets from url in Ruby On Rails
I'm working on a Ruby On Rails app and I'm calling some js, css, images and csv files from public/assets.
I added an authentication when accessing the page using these assets:
class MyPageController < ApplicationController
before_action :authenticate
def index
end
def authenticate
authenticate_or_request_with_http_basic do |username, password|
username == 'login' && password == 'password'
end
end
end
and it works for this page but if I type localhost:3000/assets/myFile.csv I can access it and download it without being asked for authentication.
Is there a way to add an authentication on that url or to block it ?
Thanks
Upvotes: 0
Views: 432
Answers (1)
Jim Deville
Reputation: 10672
If you need them to be blocked, then it's better to move them to a different folder. The intention of that folder is to hold publicly accessible static files.
Upvotes: 4
Related Questions
- How can I protect the content of public/ in a Rails app
- Rails: do not allow access to static asset directory without a trailing /
- Ruby - Allowed/restrict Url access
- protect urls in rails
- Keeping Image URLs behind a authentication wall
- secure a specific /assets file from direct access in routes or else somehow?
- Hiding urls in a Rails 3 application
- How to restrict public access to a rails app
- Rails - restrict URL access to images?
- How do I deny access to a specific URL in my rails app?