Topics

Filament•2mo ago

Forbidden on temporaryUrl

Hello, In production, I am unable to display previews of images stored as private. The generated URL returns a 403 forbidden error. However, I do not have this issue locally. And when I create a custom function to generate a temporary URL, I do not have this issue either. Here is the function:

public function getTemporarySignedRoute(Request $request, int $mediaId)
    {
        if (! $request->hasValidSignature()) {
            abort(403);
        }

        $media = Media::findOrFail($mediaId);

        $fullPath = storage_path(‘app/private/’.$media->file_path);

        if (! file_exists($fullPath)) {
            abort(404);
        }

        return response()->file($fullPath);
    }

public function getTemporarySignedRoute(Request $request, int $mediaId)
    {
        if (! $request->hasValidSignature()) {
            abort(403);
        }

        $media = Media::findOrFail($mediaId);

        $fullPath = storage_path(‘app/private/’.$media->file_path);

        if (! file_exists($fullPath)) {
            abort(404);
        }

        return response()->file($fullPath);
    }

Do you know what the reason could be? Or do you know how to override the retrieval of the temporary URL to use my function? Thanks!

Solution:

It's using this: https://laravel.com/docs/12.x/filesystem#customizing-temporary-urls

File Storage - Laravel 12.x - The PHP Framework For Web Artisans

Laravel is a PHP web application framework with expressive, elegant syntax. We’ve already laid the foundation — freeing you to create without sweating the small things.

Jump to solution

28 Replies

Dennis Koch•2mo ago

Does your APP_URL match your Browser URL? http vs https, www vs non-www, any params that are stripped? Any redirect happening?

boulyOP•2mo ago

Yes it does.

Dennis Koch•2mo ago

Hm. Maybe somethin like a tralining slash that gets removed/added?

boulyOP•2mo ago

I just tried to add/remove the last trailing slash. But it does not change anything

Dennis Koch•2mo ago

So if everything appears the same, your only option is to dig into the URL generation and check why it's generating different Signatures. Something must be off.

boulyOP•2mo ago

Do you know how to modify the way filament generate this URL? The URL generated by my custom function works... So I would like to use this function.

Dennis Koch•2mo ago

Filament does not generate the URL. It's the Filesystem Adapter

The URL generated by my custom function works...

Which custom function?

Dennis Koch•2mo ago

https://laravel.com/docs/12.x/filesystem#customizing-temporary-urls

File Storage - Laravel 12.x - The PHP Framework For Web Artisans

Laravel is a PHP web application framework with expressive, elegant syntax. We’ve already laid the foundation — freeing you to create without sweating the small things.

boulyOP•2mo ago

The fileUpload preview is something like : /storage/complaints/123.jpg?expires=1755698399&signature=d290...27 (But this URL return a 403 forbidden). To be sure the file is accessible, I created a custom route to generate a temporaryUrl myself. Something like that : /files/getTemporarySignedRoute/48?expires=1755855850&signature=1792...a7 (This URL Works!)

Dennis Koch•2mo ago

created a custom route to generate a temporaryUrl

You mean a custom Controller to stream the file?

boulyOP•2mo ago

Yes

Dennis Koch•2mo ago

So you don't have a Controller to handle requests to storage/complaint?

boulyOP•2mo ago

No. I thought Laravel handled that on its own without any action on my part. We should not create our own controller that retrieves the preview of an image using fileUpload. I am wrong?

Dennis Koch•2mo ago

No, Laravel does not handle private files. That's your part.

toeknee•2mo ago

What storage engine are you using

Dennis Koch•2mo ago

Probably local. Because with S3 it would be handled.

boulyOP•2mo ago

Yes it is local. The default with v4

Dennis Koch•2mo ago

Also files are served from local disk in their example

boulyOP•2mo ago

'local' => [
      'driver' => 'local',
      'root' => storage_path('app/private'),
      'serve' => true,
      'throw' => false,
      'report' => false,
  ],

'local' => [
      'driver' => 'local',
      'root' => storage_path('app/private'),
      'serve' => true,
      'throw' => false,
      'report' => false,
  ],

Dennis Koch•2mo ago

I thought we had an example for that in the docs, but apparently we don't have one.

boulyOP•2mo ago

Because my question is: how do I tell fileUpload which route it should use to retrieve a private file ?

Dennis Koch•2mo ago

Hm, I don't know that serve config yet. It sounds like it should do more, but I guess all it does is allowing temporary URL

Solution

Dennis Koch•2mo ago

It's using this: https://laravel.com/docs/12.x/filesystem#customizing-temporary-urls

File Storage - Laravel 12.x - The PHP Framework For Web Artisans

Laravel is a PHP web application framework with expressive, elegant syntax. We’ve already laid the foundation — freeing you to create without sweating the small things.

toeknee•2mo ago

Yeah was just double checking he wasn't using local locally and s3 remotely and private urls needing to be g enbaled on s3 hehe

Dennis Koch•2mo ago

Storage::temporaryUrl()

boulyOP•2mo ago

Oh ok, So I should manually had this code in the AppServiceProvider, so fileUpload will generate the temporaryUrl using this function? I guess. Ok it works this way! Thanks for your help!!

Dennis Koch•2mo ago

I think we should add an example to the docs for private files. Wondering why the default was linking to storage because that's the same as the public storage folder.

boulyOP•2mo ago

Yes it would be nice. Thanks!

A powerful open source UI framework for Laravel • Build and ship admin panels & apps fast with Livewire

20KMembers

View on Discord

Did you find this page helpful?