Drupal core's handler for private files FileDownloadController implements a hook to allow arbitrary modules to:
1. add HTTP response headers
2. prevent download access

hook_file_download

Besides bringing in missing access control over private files this integration would also allow extending media_entity_download behavior through a already existing hook.

@vitalie Already created a nice patch implementing this very feature in the issue 2986486.

CommentFileSizeAuthor
#2 3012245-2.patch2.23 KBguedressel

Comments

guedressel created an issue. See original summary.

guedressel’s picture

guedressel commented
StatusFileSize
new 3012245-2.patch2.23 KB

Appending @vitalies patch from 2986486

bkosborne’s picture

bkosborne
Primary language English
Location New Jersey, USA
commented

Note that this would not be necessary if we just redirected to the URI of the file instead of proxying the download thru Drupal. I worry about bloating this module too much with what is essentially a copy of core's FileDownloadController.

moshe weitzman’s picture

moshe weitzman commented

Redirect is good as optional behavior, but in some cases you dont want to expose your changing URLs in the sites/files dir. See the bullets on the project homepage for the raison d'etre for this module.

berdir’s picture

berdir
Primary language German
Location Switzerland
commented
Status: Active » Needs review
berdir’s picture

berdir
Primary language German
Location Switzerland
commented
Status: Needs review » Closed (duplicate)

The referenced issue is now back to using this code and more, so I'm closing this as a duplicate.