When assets like images or files are in the rails public directory with asset pipeline enabled, is everyone allowed to access them through URL?
I am asking this because now I am learning about implementing File Uploading through Carrierwave with the help of the book, Rails 4 in Action, and it says the files should be moved outside the public folder for access control.
If assets are in the public folder, does it mean that we can't do access control?
Any one can access the contents of public folder through URL.
Ref:
Are files in public folder accessible to outside world? - Rails
Related
I have a Vapor server API running in Heroku supporting an iOS app. I want to create a simple landing page for my app and I would like to host it in my existing Vapor server. How could I do that?
Vapor actually has a built-in middleware that makes this very easy. First, make sure you have a Public directory at the root of your Vapor project. Then you can put your static HTML page in there, along with any CSS and JS files it might rely on.
Next, you just need to add FileMiddleware to your application's middleware (docs):
let file = FileMiddleware(publicDirectory: app.directory.publicDirectory)
app.middleware.use(file)
Now you can access any of the files in your Public directory using their relative directory path as the path in the URL to your app. For example, if you have a static directory in your Public directory, and put a home.html file in it, you request the page by going to http://localhost:8080/static/home.html in your browser.
Assume I have two MVC applications, Public and Admin:
Public is a virtual directory mapped to www.mydomain.com
Admin is a virtual directory mapped to admin.mydomain.com.
Under the hood the files are organised as follows:
/ (all my public site files are here)
/Assets (a bunch of public assets like images .. for example)
/Admin (all my files for admin.mydomain.com are here).
The question is, can I access /Assets from within the admin.mydomain.com application.
Thanks.
You can create /Assets as virtual directory and that can be accessed using URI
I'm trying to load a favicon into my Meteor project but I can't get it to work. I tried using this tutorial but when I put the mentioned reference in the of my HTML nothing happened. Also what do they mean by /public directory? I don't have a /public directory, should I just put my favicon.ico in the root directory?
The public directory doesn't exist by default - you just need to create it. Meteor uses the public directory in the root of your app to serve plain files rather than bundling them in the app. In order for a <link rel="icon"> tag to work, it needs to point to a file that exists in public. Note that the URL to the icon will not contain the path "public/" - files in public are served as if they were at the root of your web server.
A new Meteor app doesn't include any folders except the required .meteor directory. However, it will treat folders named public, private, client, server, and lib specially. You can also create more arbitrarily named directories. This affords you a lot of control over the exact structure of your app. Read about the Meteor directory structure in the Documentation:
Lastly, the Meteor server will serve any files under the public directory, just like in a Rails or Django project. This is the place for images, favicon.ico, robots.txt, and anything else.
Create client/header.html: <head><link rel='icon' href='/favicon.ico'></head>
Put you favicon.ico into /public folder.
Start server, open your browser and see the result.
I am authoring an MVC application that is hosted by another MVC hosting solution. The dll from the client app is copied into the bin folder of the hosting app. The Views, Views/Shared, Scripts, Content, ... are all copied to the hosting project as well. In the Hosting solution, I've created an Area that will act as the base for any of the client apps and dynamically create routes to the view via a warmup routine. This part works great.
However, my javascript bundles do not render as I would hope, I believe it is because they files aren't being found. In this client app, I have two JS files...for simplicity's sake, javascript1.js and javascript2.js. The are located in my Scripts folder of my client app: C:\MyClientApp\Scripts\*.js. Upon compilation, a post build event copies the files to the Hosting solution: C:\MyHostingApp\Scripts\MyClientApp\*.js.
In an app startup (also done in the warmup routine), my bundle is built:
[assembly: WebActivatorEx.PostApplicationStartMethod(typeof(MyClientApp.AppStart), "Start")]
namespace MyClientApp
{
public static class AppStart
{
public static void Start()
{
ConfigureBundles();
}
private static void ConfigureBundles()
{
var bundle = new ScriptBundle("~/MyClientApp/Js")
.Include("~/Scripts/javascript1.js")
.Include("~/Scripts/javascript2.js");
BundleTable.Bundles.Add(bundle);
}
}
}
In my view, I would like to call #Scripts.Render("~/MyClientApp/Js"). This doesn't work though, nothing is rendered. My assumption is that it is looking for that bundle under the root of the application, not under the MyClientApp. In an attempt to properly locate the bundle, I tried writing an HtmlHelper extension to resolve the bundle...though the best I could get it to do was to resolve the bundle name into my source and ultimately it seemed that there must be a simpler way to accomplish this. Any ideas on how to render these bundles? Is there something I can do with the routing engine, comparable to Views to locate JS (and eventually css) files?
Thanks!
Bundling currently uses a VirtualPathProvider to find the files for the bundles. The built in VirtualPathProvider only knows about files within the application. If you want to be able to reference files outside of the app, you could try implementing your own VPP that can retrieve files outside of the app.
This is a simple question but I can't seem to find an answer for it anywhere. If you store some files (say some static PDFs) in your public directory, is there a way that someone who isn't authorized to view those files, can view them by typing in a url like example.com/public/static_document.pdf? If so, can you disable this in Rails?
The public is definitely public and open to people guessing the URL.
Check out Ruby On Rails - Securing Downloads Area for someone else asking similar.
I store these generally in Rails.root/secure_files and then use send_file in the Controller to authorize and send these files.
The public folder contains the static files and compiled assets for the client to read. The folder by default is accessible to anyone visiting your site. Test it by typing in a slug of the folder name currently in your public folder.