S3 url method should respect https #387
Comments
|
I'm currently using the following work-around: |
|
I could be misunderstanding what you're looking for, but you can pass an :s3_protocol option to has_attached file. It defaults to 'http', which is why Attachment#url returns a HTTP url (http://rdoc.info/github/thoughtbot/paperclip/master/Paperclip/Storage/S3). |
|
I think the problem in this case isn't solved using :s3_protocol unless it's modified in some way to accept a Proc or a Lambda. The issue is that the same model (which has the has_attached_file declaration) can be accessed both from a part of your application that uses https and from another part that uses http. Therefore the link-generation needs to dynamically generate either a http or a https URL depending on the context. |
|
running into the same issue. @watson thanks for the workaround! |
|
I can see the use of this. Do you mind creating patch, with tests, and submit it as a pull request? Thank you. |
|
After some of thinking-through, it's quite hard to achieve this functionality as the attachment is in the model scope. It does not acknowledge whether the request is HTTPS or not, as that is actually in the controller's scope. I can think the way out of this would be passing an option to |
|
I agree, it would be hard to determine whether or not the app runs in HTTPS. Plus, the controller/model boundary should't be breached. However, my original issue was not related to respecting whether or not the app is using HTTPS, but respecting the configuration S3 https option from Paperclip itself. As it stands, you can set that option, but the url method ignores it. This especially curious since Paperclip uses HTTPS with S3 by default. -AH On Sunday, July 10, 2011 at 4:04 PM, sikachu wrote:
|
|
@liveh2o can I have your See: https://github.com/thoughtbot/paperclip/blob/master/lib/paperclip/storage/s3.rb#L93 |
|
Actually, my issue with this was resolved with this commit: https://github.com/thoughtbot/paperclip/blob/435ecba019eea7e1d17f632cb4377b065db71259/lib/paperclip/storage/s3.rb back in April. I can't speak for everyone watching this, but it might be safe to close this. -AH |
|
Let's wait for respond from @watson if he thinks that this is not an issue anymore or not. |
|
Why not use a URL without a protocol? //example.com/foo.jpg will work just fine in all browsers to my knowledge, and will use the protocol of the page it is referenced in. |
|
One caveat, I did read that some versions of IE will load a file twice if a // url is used in a link tag. |
|
protocol-less url would be a nice option. |
|
I'm closing this because I didn't hear back from @watson. If this is still the problem, please ping me so I can reopen it. |
|
has_attached_file :s3_protocol => 'https' will do the job |
|
|
|
+1 on having a way to generate protocol-less url's maybe something like :s3_protocol => 'relative' ? |
|
Hi all, any updates on this issue? We're facing the same problem right now and would rather have a clean solution. |
|
Hi all, I'd like this issue reopened. I don't think A nice workaround would be if I can do |
|
+1 above! need to render HTTPS url from secured area, and HTTP url from non-secure area for the same Image/Link. My scenario is a shop manger(using IE...) manages products inside a secured admin area, and the products[images] published on a public domain... pretty common scenario... off the bat another helper method like def dynamic_url |
|
+1 same use case as @zarno |
|
+1 this is driving me nuts. I've tried :s3_host_alias => '//xxx.cloudfront.net' but the urls just end up being http:////xxx.cloudfront.net' (4 slashes) rather than rendering the protocol-less url //xxx.cloudfront.net as it should. |
|
+1 I have a similar use case to @zarno and @cveneziani-silicon and no good solution as things stand. |
|
Not a permenant solution but Im using this one for now... http://stackoverflow.com/questions/3770728/secure-paperclip-urls-only-for-secure-pages --- the middleware answer |
|
Same problem here as zarno and still no good solution... the middleware solution is a bit extreme in my opinion.. |
|
Same issue, + 1 for protocol-less option. |
|
I can't see any way out except we have something like a helper: attachment_url(@user.avatar) |
|
I'm not seeing this as a problem. Is there any reason why you wouldn't want https? Even if there is, I don't believe that there's a good method for being in the view and handing some data down into the model to generate the URL. I think what people may want is to define the I'm going to close this, but if someone gives me a good reason to not be able to use https everywhere and can't use the |
|
I've got a very clear scenario, if you are using Windows Azure CDN, you can't have a custom CDN URL which works with HTTPS, so you have to use an other url for HTTPS... this mean that protocol less URL is not an option here thanks. |
|
@gmontard correct me if I'm wrong, but isn't this issue related to S3 and not Azure? |
|
Well you're right this post is about S3, but the problem described can be applied to Azure as i said... |
|
I understand what you're saying, but it still doesn't apply to Paperclip (core) that doesn't have Azure storage. This discussion is about S3 storage. I think for that case you might want to override your storage's #url method to take Thanks again. |
|
Good call, I should have figured this earlier. There is no reason we can't use https in a unsecure area aswell as secured... Duh! Time to remove the middleware! oooh yeh! |
|
Are there any problems with loading assets from S3 through HTTPS when your webpage is being served through plain HTTP? This seems like the path of least headache! |
|
I think this applies to paperclip, in general. If you look at the rails provided "url_for" and "magic" url methods, they allow for an option such as :protocol => 'https' E.g. node_url(@node, :protocol => 'https', :absolute => true, ...). It just seems to me that this should be an option across the board. Regardless of storage method. |
|
In my case I just didn't want to go changing the paperclip write config and or edit existing urls in the database. As its set and included higher up the gem load heriarchy... All I need was a render helper... and I just used something like so def https_url_for(url) I think the point from this side of the debate is that in some cases it's not necessary to make the change at the point of entry but rather determine the result upon reading the url value?? All so IE doesnt copmlain... pfft |
When using Paperclip with S3, the url-method generates a url to "http://s3.amazonaws.com/...":
<%= image_tag @user.photo.url %>
But if the current page is requested through https, Internet Explorer shows the user the following error: "This Page Contains Both Secure and Non-Secure Items"
It would be nice if we - with some setting - could enable the url-method to automatically detect and use either http or https.
The text was updated successfully, but these errors were encountered: