开发者

Rack Middleware, is it not called for requests on /assets?

开发者 https://www.devze.com 2023-03-30 01:02 出处:网络
I\'m trying to build a middleware that can restrict access based on conditions. I noticed that I have no control over request that come in as /assets.....

I'm trying to build a middleware that can restrict access based on conditions. I noticed that I have no control over request that come in as /assets.....

Is there a way to get the middleware called so you can do access control?

Right now

http://localhost开发者_高级运维:3000/assets/unauthorized-028be791049e981f9aa0b7da383195e1.js

Doesn't show up in the logs and somehow bypasses my Rack.middleware.

Ideas? Thanks


Your assets will almost definitely not get solved by your rails app in production, rather, nginx or apache will be serving them, so even if you got your development machine's middleware to intercept asset calls, you couldn't rely on the same happening in production.

You should either serve the assets you need to restrict directly from a controller action (kind of an ugly, but simple, solution), or use something like S3 that will give you fine grained controller over who can access them.

0

精彩评论

暂无评论...
验证码 换一张
取 消