Bug #7743

Updated by Brett Smith over 5 years ago

See CollectionsController#keep_web_url.

From #5824 note 25:

* If @keep_web_download_url@ is set, disposition=attachment links (i.e., downloads) are routed to the given URL (typically @https://download.uuid_prefix.arvadosapi.com/c=%{uuid_or_pdh}@). This is expected to match keep-web's -attachment-only-host argument.
* If @keep_web_download_url@ is set and @keep_web_url@ is _not_ set, preview is disabled and all preview/download links are routed to @keep_web_download_url@.
* If both are set, but @keep_web_url@ isn't a wildcard (one-vhost-per-collection) form and @trust_all_content@ isn't true, form, showing inline content from a non-public non-shareable-link collection will result in a download instead of preview.
* If @keep_web_download_url@ is not set, and @keep_web_url@ isn't a wildcard form, and @trust_all_content@ isn't set, showing inline content from a non-public non-shareable-link collection will produce an error: with that configuration, we can't authenticate safely without creating XSS problems.

Don't render file preview buttons in cases 2-4.

Back