I’m looking to do something similar to the “secret URLs” in Rails
Recipes, however, with file downloads. I want to avoid providing direct
URLs to people if possible.
I have files on disk in public/, so it would be good if each user got a
“unique” URL to each file that they are permitted to see (dealt with by
a user_id/file_id table). Then they are only allowed to download the
file if they are logged in and the secret matches. Otherwise, anybody
could simply point to http://…/example.pdf and download the file,
whether logged in or not.
I could do this with redirect_to I believe, but as far as I know that
just sends a 3xx redirect to the browser which would point to the real
Is there any easy way to do this?