Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for directories outside public folder #229

Open
sterborg opened this issue Jan 9, 2025 · 7 comments
Open

Add support for directories outside public folder #229

sterborg opened this issue Jan 9, 2025 · 7 comments
Labels
bug

Comments

@sterborg
Copy link

sterborg commented Jan 9, 2025

As I cannot find the way to make this work:
Could you please support secured directories outside the public folder?
I switch from fal_securedownloads where it was possible to secure any folder in any file storage. It would be nice to have this feature in this extension too.
@balasch
Copy link
Contributor

balasch commented Jan 9, 2025

I have no idea what the point is of protecting files that are located outside the webroot. They can't be accessed anyway. So what should I want to protect then? I probably don't understand you

@sterborg
Copy link
Author

My understanding of your extension is, that it accesses files through a script that honors TYPO3 access rights and that´s what I want.

For the security part the documentation says, that "you will of course need to configure your web server not to deliver these things directly ". So also in a normal case these files are protected by server means and not by the extension.

When the files are located outside the webroot, I do not have to configure anything to protect them from direct access. I don´t need a .htaccess file or nginx configuration.

@balasch
Copy link
Contributor

balasch commented Jan 10, 2025

The web server must be configured in such a way that all access to a directory is blocked via .htaccess and then handled via TYPO3 and thus ultimately via the Secure Download extension. The extension then decides whether a file can be delivered or not when it is accessed from the front end.

In order for the extension to become active, the web server must make a redirection. This means that a file outside the public path makes no sense because no redirect can take place. And here I don't understand the question of whether paths outside the public folder can also be protected. It is possible to define a storage outside the public folder. But the contents of this folder are processed again somewhere via typo3temp for the frontend, which is again under the public folder.

One more note: it is only about accessing files from the frontend. The extension does not protect anything in the backend. Here it is possible to use storages, mounts and BE groups with TYPO3 on-board resources to control backend user access to files.

@balasch balasch closed this as completed Jan 10, 2025
@sterborg
Copy link
Author

Well I have a storage with files from outside the public folder. How can I use that in secure_downloads? According to the documentation I only can configure paths inside public/.

@balasch
Copy link
Contributor

balasch commented Jan 10, 2025

In this case, who accesses which file from where?

@balasch balasch reopened this Jan 10, 2025
@sterborg
Copy link
Author

Frontend users of a certain frontend usergroup on a webpage with a content element "uploads" containing files of the protected/restricted storage. Or via a link to a file in a RTE text.

@balasch
Copy link
Contributor

balasch commented Jan 10, 2025

In this case, you should actually create a storage with the File Secure Driver:

grafik

Unfortunately, I have just discovered that there is an error if the path is outside of Public. We will have to fix that.

@balasch balasch added the bug label Jan 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sterborg @balasch