Hi,
I'm trying to set up a secure Dragonfly app where you have to be logged in before you can access the files.
I followed the authentication example in the docs and it's working for the first view, but after I've loaded the image the first time, I refresh the page but it doesn't go through the before_serve callback. It does go to the dragonfly app but the method response.will_be_served? is returning false, so the before_serve callback never gets called.
Is there something else in my setup I need to enable to make that will_be_served method will always return true somehow?
This is my setup:
Dragonfly.app("secure").configure do
response_header 'Cache-Control', 'private'
before_serve do |job, env|
user = env['warden'].user # get devise user from scope 'user'
throw :halt, [403, {"Content-Type" => "text/plain"}, ["Forbidden"]] unless user and user.is_employee?
end
plugin :imagemagick
secret "secret"
datastore :file,
root_path: Rails.root.join('private/secure_assets', Rails.env),
server_root: Rails.root.join('public')
url_format "/secure-media/:job/:name"
url_host ENV['ASSET_HOST'] || (Rails.env.production? ? "https://#{WEB_HOSTNAME}" : "http://#{WEB_HOSTNAME}")
end
Thanks for any advice.
David