Hello,
I’m trying to control the access to files in the uploads folder. Nobody should be able to access files directly in the browser.
I’m using a custom policy like this:
const koaStatic = require("koa-static");
const { defaultsDeep } = require("lodash/fp");
const defaults = {
maxAge: 60000,
defaultIndex: true,
};
module.exports = (plugin, config) => {
const { defaultIndex, maxAge } = defaultsDeep(defaults, config);
strapi.server.routes([
{
method: "GET",
path: "/uploads/(.*)",
handler: koaStatic(strapi.dirs.static.public, {
maxage: maxAge,
defer: true,
}),
config: {
auth: false,
policies: [
async (policyContext, config, { strapi }) => {
if(policyContext.request.headers['token'] == 'myToken'){
return true;
}
return false;
},
],
},
},
]);
return plugin;
};
It works so far. I can still access the files from my application by sending the token in the header.
The problem is, image previews in strapi itself don’t work anymore.
My question is, how can I check if the request comes from strapi or from a direct link?
Thanks!