Bug #7743
Updated by Brett Smith almost 9 years ago
See CollectionsController#keep_web_url. From #5824 note 25: * If @keep_web_download_url@ is set, disposition=attachment links (i.e., downloads) are routed to the given URL (typically @https://download.uuid_prefix.arvadosapi.com/c=%{uuid_or_pdh}@). This is expected to match keep-web's -attachment-only-host argument. * If @keep_web_download_url@ is set and @keep_web_url@ is _not_ set, preview is disabled and all preview/download links are routed to @keep_web_download_url@. * If both are set, but @keep_web_url@ isn't a wildcard (one-vhost-per-collection) form and @trust_all_content@ isn't true, form, showing inline content from a non-public non-shareable-link collection will result in a download instead of preview. * If @keep_web_download_url@ is not set, and @keep_web_url@ isn't a wildcard form, and @trust_all_content@ isn't set, showing inline content from a non-public non-shareable-link collection will produce an error: with that configuration, we can't authenticate safely without creating XSS problems. Don't render file preview buttons in cases 2-4.