问题描述

这是一个简单的问题，但我似乎无法在任何地方找到答案.如果您在 public 目录中存储了一些文件(比如一些静态 PDF)，是否有一种方法可以让无权查看这些文件的人可以通过输入类似 example.com/public/static_document.pdf?如果是这样，您可以在 Rails 中禁用它吗?

This is a simple question but I can't seem to find an answer for it anywhere. If you store some files (say some static PDFs) in your public directory, is there a way that someone who isn't authorized to view those files, can view them by typing in a url like example.com/public/static_document.pdf? If so, can you disable this in Rails?

推荐答案

public 绝对是公开的，对猜测 URL 的人开放.

The public is definitely public and open to people guessing the URL.

查看Ruby On Rails - 保护下载区以了解其他人的提问类似.

Check out Ruby On Rails - Securing Downloads Area for someone else asking similar.

我一般将这些文件存储在 Rails.root/secure_files 中，然后在 Controller 中使用 send_file 来授权和发送这些文件.

I store these generally in Rails.root/secure_files and then use send_file in the Controller to authorize and send these files.

这篇关于外部世界可以访问公共文件夹中的文件吗?- 导轨的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！