We would like to allow for sending redirect responses, instead of direct file responses, when responding to requests handled by the Media Entity Download module. This change would help from multiple perspectives by:
When files are not served from the local Drupal installation's files directory, the file_exists in the controller will fail and cause the exception to be thrown. It seems like it would be nice to have a configuration setting to allow external file storage. If this were checked, it would still make sure the file entity exists, but bypass the file_exists check and return a TrustedRedirectResponse object instead of the BinaryFileResponse object.
I will work on a patch for this, but if anyone has a different solution, I would love to hear about it.
My situation is that I have .htaccess rules forwarding requests to files from my local development environment or from test environments to production. This means I can't test or show the functionality until it gets to production. Once on production, I believe it should work without the external file storage configuration turned on. This could also make sense with CDN integration.
Needs work
2.0
Code
It is used for security vulnerabilities which do not need a security advisory. For example, security issues in projects which do not have security advisory coverage, or forward-porting a change already disclosed in a security advisory. See Drupal’s security advisory policy for details. Be careful publicly disclosing security vulnerabilities! Use the “Report a security vulnerability” link in the project page’s sidebar. See how to report a security issue for details.
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
steven jones → made their first commit to this issue’s fork.
I've opened a MR that takes the patch from #22 and then fixes a couple of bugs.
Seems to work though!