How to download a file from rails application
Don't use send_file
with a parameter set by a user. This opens up a massive security hole, allowing a user to access any file that is readable by your application (namely, your entire application, but also possibly other files on the filesystem).
Rather, if the file is under public, link to the file itself. In your case:
<%= link_to "Raw blast output", "/data/02_blastout/#{@bl_file}" %>
No need for a special controller action.
bdeonovic
I am Benjamin Deonovic, a research scientist at the Corteva. My research interests include Bayesian data analysis, MCMC, computational statistics, bioinformatics, and psychometrics. email: [email protected]
Updated on November 17, 2020Comments
-
bdeonovic over 3 years
I can't seem to find a simple and clear answer to this problem anywhere! Everything seems either outdated or incomplete!
I just want the user to be able to click on a link or button and download a file (that is somewhere in the public folder)
I tried this:
#view <%= link_to "Raw blast output" ,:action => :download, :file_name => "public/data/02_blastout/#{@bl_file}" %> #controller def download send_file "#{RAILS_ROOT}/#{params[:file_name]}" end
but I get this error:
No route matches {:action=>"download", :file_name=>"public/data/02_blastout/input0.fa_x_Glyma1aaunq.bl", :controller=>"cvits"}
Thanks for the help!!
-
Josh M. over 10 yearsWon't the download lockup the rails process? Shouldn't the download instead be handled by the http server (apache, etc.) as in: therailsway.com/2009/2/22/file-downloads-done-right
-
Mario over 10 yearsIf you set up apache or another server, it should handle that. This is just the code for the link.
-
miguelfg over 8 yearsWhat if it is not a public file?, and it's only for registered user's?
-
Julien Lamarche over 2 yearsMario makes a good point. But one could check if the file is within a specific directory that is expected to be a directory for downloadable content, or if the file is registered in a table of downloadable files. No?