Secure Download Link in Symfony 2

In my Symfony 2 project, I have a page displaying object information. This page has a link to the file associated with this object.

The page is protected, and it can only be displayed if the user has a specific role. The expected role is not the same for each entity, so it is tested dynamically in the action.

My problem is that even if the page is protected, anyone can access the file through its URL. I would like it to be downloadable only if the role matches the one displayed on the page.

Any suggestion on how I should do this or where to start looking?

+8
security symfony download
1 answer

Move the file outside the public directory so that it is not accessible through the URL. In the controller, if the user has the correct permissions, allow the user to download the file.

You can use this in your controller:

// $file is the path to the file stored outside the public directory
$headers = array(
    'Content-Type' => 'application/pdf',
    'Content-Disposition' => 'inline; filename="file1.pdf"',
);

return new Response(file_get_contents($file), 200, $headers);
+14
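
A fuller version of the approach in the answer above, as an added example that is not part of the original answer: the download action repeats the page's per-entity role check before serving a file stored outside web/. The bundle and entity names, getRequiredRole(), getStoredName() and the app/private_files directory are assumptions for illustration.

```php
<?php
// Added example, not the answerer's code. Hypothetical names: AcmeDemoBundle,
// a Document entity with getRequiredRole()/getStoredName(), app/private_files.
namespace Acme\DemoBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\BinaryFileResponse;
use Symfony\Component\HttpFoundation\ResponseHeaderBag;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

class DocumentController extends Controller
{
    public function downloadAction($id)
    {
        $document = $this->getDoctrine()
            ->getRepository('AcmeDemoBundle:Document')
            ->find($id);
        if (!$document) {
            throw $this->createNotFoundException('Document not found');
        }

        // Same dynamic role test as the page that displays the object.
        // Symfony 2.0-2.5 service; from 2.6 use 'security.authorization_checker'.
        if (!$this->get('security.context')->isGranted($document->getRequiredRole())) {
            throw new AccessDeniedException();
        }

        // Directory outside web/, so no URL maps to it (assumed location).
        $baseDir = realpath($this->container->getParameter('kernel.root_dir') . '/private_files');
        // basename() drops any directory part of the stored name; realpath()
        // resolves symlinks so the result can be checked against $baseDir.
        $path = realpath($baseDir . '/' . basename($document->getStoredName()));
        if ($baseDir === false || $path === false
            || strpos($path, $baseDir . DIRECTORY_SEPARATOR) !== 0 || !is_file($path)) {
            throw $this->createNotFoundException('File not found');
        }

        // Streams the file instead of reading it into memory (Symfony 2.2+).
        // Fourth argument false: do not mark the response as publicly cacheable.
        $response = new BinaryFileResponse($path, 200, array(), false);
        // Assumes stored names are ASCII; otherwise pass a fallback name as well.
        $response->setContentDisposition(
            ResponseHeaderBag::DISPOSITION_ATTACHMENT,
            basename($path)
        );

        return $response;
    }
}
```

The route for this action should sit behind the same firewall as the page, so that an anonymous request never reaches the role check without a security token.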