I'm trying to build a middleware that can restrict access based on conditions. I noticed that I have no control over request that come in as /assets.....
Is there a way to get the middleware called so you can do access control?
Right now
http://localhost开发者_高级运维:3000/assets/unauthorized-028be791049e981f9aa0b7da383195e1.js
Doesn't show up in the logs and somehow bypasses my Rack.middleware.
Ideas? Thanks
Your assets will almost definitely not get solved by your rails app in production, rather, nginx or apache will be serving them, so even if you got your development machine's middleware to intercept asset calls, you couldn't rely on the same happening in production.
You should either serve the assets you need to restrict directly from a controller action (kind of an ugly, but simple, solution), or use something like S3 that will give you fine grained controller over who can access them.
精彩评论