How to download a file from a Rails application


Don't use send_file with a parameter set by a user. This opens up a massive security hole, allowing a user to access any file that is readable by your application (namely, your entire application, but also possibly other files on the filesystem).

Rather, if the file is under public, link to the file itself. In your case:

<%= link_to "Raw blast output", "/data/02_blastout/#{@bl_file}" %>

No need for a special controller action.

Author by

bdeonovic

I am Benjamin Deonovic, a research scientist at Corteva. My research interests include Bayesian data analysis, MCMC, computational statistics, bioinformatics, and psychometrics.

Updated on November 17, 2020

Comments

  • bdeonovic
    bdeonovic over 3 years

    I can't seem to find a simple and clear answer to this problem anywhere! Everything seems either outdated or incomplete!

    I just want the user to be able to click on a link or button and download a file (that is somewhere in the public folder)

    I tried this:

    #view
    <%= link_to "Raw blast output" ,:action => :download, :file_name => "public/data/02_blastout/#{@bl_file}" %>
    #controller
    def download
        send_file "#{RAILS_ROOT}/#{params[:file_name]}"
    end
    

    but I get this error:

    No route matches {:action=>"download", :file_name=>"public/data/02_blastout/input0.fa_x_Glyma1aaunq.bl", :controller=>"cvits"}
    

    Thanks for the help!!

  • Josh M.
    Josh M. over 10 years
    Won't the download lock up the Rails process? Shouldn't the download instead be handled by the HTTP server (Apache, etc.) as in: therailsway.com/2009/2/22/file-downloads-done-right
  • Mario
    Mario over 10 years
    If you set up Apache or another server, it should handle that. This is just the code for the link.
  • miguelfg
    miguelfg over 8 years
    What if it is not a public file, and it's only for registered users?
  • Julien Lamarche
    Julien Lamarche over 2 years
    Mario makes a good point. But one could check if the file is within a specific directory that is expected to be a directory for downloadable content, or if the file is registered in a table of downloadable files. No?
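
The directory check raised in the last comment, as an added example that is not code from any of the posts above: it resolves the requested name to its real path and accepts it only if it is a regular file inside one fixed download directory. The names resolve_download and build_sample_tree are hypothetical, and the sample tree is constructed in a temporary directory.

```ruby
require "pathname"
require "tmpdir"
require "fileutils"

# Hypothetical helper: returns the real path of `requested` if it is a regular
# file inside `base_dir`, otherwise nil.
def resolve_download(base_dir, requested)
  name = requested.to_s
  return nil if name.empty? || name.include?("\0")
  base = Pathname.new(base_dir).realpath
  begin
    # realpath collapses ".." segments and follows symlinks; it raises if
    # the target does not exist.
    real = base.join(name).realpath
  rescue SystemCallError
    return nil
  end
  return nil unless real.file?
  # Compare against base + separator so a sibling directory such as
  # "02_blastout_private" does not pass a bare prefix match.
  return nil unless real.to_s.start_with?(base.to_s + File::SEPARATOR)
  real.to_s
end

# Constructed sample tree: one downloadable file, one file outside the
# download directory, and a symlink inside the directory pointing at it.
def build_sample_tree
  root = Pathname.new(Dir.mktmpdir("dl_demo")).realpath
  downloads = root.join("public/data/02_blastout")
  FileUtils.mkdir_p(downloads.to_s)
  FileUtils.mkdir_p(root.join("config").to_s)
  File.write(downloads.join("input0.bl").to_s, "blast output\n")
  File.write(root.join("config/secrets.yml").to_s, "constructed secret\n")
  File.symlink(root.join("config/secrets.yml").to_s, downloads.join("link.bl").to_s)
  [root, downloads]
end

if __FILE__ == $PROGRAM_NAME
  root, downloads = build_sample_tree
  ["input0.bl", "../../../config/secrets.yml", "link.bl",
   root.join("config/secrets.yml").to_s, "missing.bl"].each do |name|
    puts "#{name.inspect} -> #{resolve_download(downloads, name).inspect}"
  end
  FileUtils.remove_entry(root.to_s)
end
```

In a controller action, the result would be passed to send_file only when it is not nil, and a 404 returned otherwise.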