Contrib.social

Add support to sync private files

Open on Drupal.org β†’
Created on 6 September 2023, 10 months ago
Updated 22 January 2024, 5 months ago

Problem/Motivation

If we sync media entities, either directly or if they are referenced by nodes, the associated physical file gets requested with an anonymous GET request which leads to an authentication error and the file won't be transferred. As we do have a portal product in the makes, where we can't open up the permissions, we're looking for a different solution which would also allow for private files to be synced.

A possible solution could be, that the client and server negotiate a token for file requests, and the client uses that token in its request as an argument so that the entity share server can then grant access permission to the file, just for that request. Like individual authentication on that file request.

Maybe there are better ways of doing this?

✨ Feature request
Status

Closed: duplicate

Version

3.0

Component

Code

Created by

πŸ‡©πŸ‡ͺGermany jurgenhaas Gottmadingen

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @jurgenhaas
  • Comment 10 months ago β†’
    πŸ‡©πŸ‡ͺGermany jurgenhaas Gottmadingen

    Hmm, just did some more research, and it turns out that the request should be authenticated, just like everything else with entity share, simply because that's the only way to decide if a file or media entity is really available to the user or not.

    So, instead of downloading from the file URI, the download should go through a route which is owned by the entity share server who does the authentication and then returns the file's content.

  • Comment 10 months ago β†’
    πŸ‡¨πŸ‡¦Canada mahde Vancouver

    I am facing the same issue with private files and I am not able to sync and I got this error:

    Client exception when requesting the URL: /system/files/Mahde_Test.pdf with method GET: Client error: `GET https://system/files/Mahde_Test.pdf` resulted in a `403 Forbidden` response:

    I am not sure how to fix this!

  • Comment 10 months ago β†’
    πŸ‡¨πŸ‡¦Canada mahde Vancouver

    The problem was because I was using this patch https://www.drupal.org/project/entity_share/issues/3275110 πŸ› Entity Share Client is fails to synchronize the file if the website needs to be login. Needs work which was setting the authentication as anonymous.
    Removed the patch and it works fine now!

  • Status changed to Closed: duplicate 5 months ago
  • Comment 5 months ago β†’
    πŸ‡¨πŸ‡³China dravenk
contrib.social Blog FAQ Discussions
Production build 0.69.0 2024