Caching and authentication in before_serve

[David Whitby]

Hi,

I'm trying to set up a secure Dragonfly app where you have to be logged in before you can access the files.  

I followed the authentication example in the docs and it's working for the first view, but after I've loaded the image the first time, I refresh the page but it doesn't go through the before_serve callback.  It does go to the dragonfly app but the method response.will_be_served? is returning false, so the before_serve callback never gets called.  

Is there something else in my setup I need to enable to make that will_be_served method will always return true somehow?

This is my setup:

Dragonfly.app("secure").configure do

 response_header 'Cache-Control', 'private'

 before_serve do |job, env|
   user = env['warden'].user # get devise user from scope 'user'
   throw :halt, [403, {"Content-Type" => "text/plain"}, ["Forbidden"]] unless user and user.is_employee?
 end

 plugin :imagemagick

 secret "secret"

 datastore :file,
   root_path: Rails.root.join('private/secure_assets', Rails.env),
   server_root: Rails.root.join('public')

 url_format "/secure-media/:job/:name"

 url_host ENV['ASSET_HOST'] || (Rails.env.production? ? "https://#{WEB_HOSTNAME}" : "http://#{WEB_HOSTNAME}")
end

Thanks for any advice.

David

 

[David Whitby]

I found the answer to my own question, you need to pass in a different option to the Cache-Control response_header.  Use this instead and it will always do a full reload of the image

response_header 'Cache-Control', 'no-cache, no-store'

Found that info on this page 

https://devcenter.heroku.com/articles/increasing-application-performance-with-http-cache-headers#cache-prevention