Monday, 23 July 2018

Laravel - Only allow authenticated access to public folders

In the Laravel public folder I have a symlink to storage/public.

The problem is that public/storage/public is visible for everybody. So I want to restrict access to authenticated users.

The reason why I don't want to remove public/storage/public and make Laravel serve the files through a controller is that it requires a massive rewrite of AngularJS 1.5.7 and Laravel applications that rely on that folder being available.

My wild guess would be to make the nginx web server read the bearer token used by the AngularJS application and authenticate the request:

    location /storage/ {
        # Somehow get valid token from Laravel
        set $token "Bearer xxxxxx";

        if ($token != $http_authorization) { return 403; }

        root /path/to/public;
    }



via Chebli Mohamed
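
An added example, not part of the original question: one way to have nginx defer the decision to Laravel is the `auth_request` module, which issues a subrequest for each file and serves it only when the subrequest returns 2xx. The upstream address `127.0.0.1:8080` and the route `/api/auth/check` are assumptions; the route stands for any Laravel endpoint behind the application's existing token middleware that returns 204 for a valid token and 401 otherwise.

```nginx
# Static files under /storage/ are served only after Laravel accepts the token.
location /storage/ {
    # Subrequest result: 2xx allows the file, 401/403 is returned to the
    # client as-is, any other status is treated as an error.
    auth_request /_storage_auth;

    root /path/to/public;
}

# Internal-only location: clients cannot request it directly.
location = /_storage_auth {
    internal;

    # Assumed address and route of the Laravel application (hypothetical).
    proxy_pass http://127.0.0.1:8080/api/auth/check;

    # The check needs headers only, not the request body.
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";

    # Forward the bearer token sent by the AngularJS client, plus the
    # requested path so the endpoint can apply per-file rules if needed.
    proxy_set_header Authorization $http_authorization;
    proxy_set_header X-Original-URI $request_uri;
}
```

`auth_request` is provided by `ngx_http_auth_request_module`, which is not built by default when nginx is compiled from source. Requests the browser issues on its own, such as `<img src>`, carry no `Authorization` header and receive 401 under this configuration.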
