Framework: Private storage visibility is not applied

Created on 18 Jun 2017  ·  3 Comments  ·  Source: laravel/framework

  • Laravel Version: 5.4.27
  • PHP Version: 5.6.30

Description:

When a new file is created with private visibility, or an existing file's visibility is set to private, the file visibility is still public and it is still accessible from the browser.

Steps To Reproduce:

1- Create a new private file in 'storage/app'
use Illuminate\Support\Facades\Storage;
Storage::put('file.txt', 'contents', 'private');

2- Get its visibility
Storage::getVisibility('file.txt');

3- Output
public

Notes:

  • The files can be accessed from the browser if a symbolic link to the 'storage/app' folder exists in the 'public' folder.
  • As an additional security concern, I also tried to change the 'public' disk visibility from public to private in 'config/filesystems.php':
    'public' => [
        'driver' => 'local',
        'root' => storage_path('app/public'),
        'url' => env('APP_URL').'/storage',
        'visibility' => 'private',
    ],
    But the files in 'storage/app/public' are still accessible in the browser through the 'storage' symbolic link to it.

All 3 comments

Visibility is only for cloud filesystems AFAIK.

The visibility flag is only for cloud filesystems like S3 or Dropbox.

Well thank you for making this clear.
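
Added example (not part of the original thread and not Laravel's own code): since the thread reports that the visibility flag does not stop the web server from serving files that sit behind a symbolic link in 'public', one way to keep files private is to store them outside any linked directory and stream them through an authenticated route. The route URI, the 'documents/<user id>/' layout, the default 'local' disk root of storage/app, and the stock 'auth' middleware are assumptions.

```php
<?php
// routes/web.php -- added example, not code from the thread or from Laravel itself.
// Assumptions: files are written under storage/app/documents/<user id>/ on the
// 'local' disk (root = storage_path('app')), and no symbolic link in public/
// points at storage/app or at that documents folder.

use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\Facades\Storage;

Route::get('/documents/{name}', function ($name) {
    // Each user only reaches their own directory; the id comes from the
    // authenticated session, never from the request.
    $relative = 'documents/' . Auth::id() . '/' . $name;

    // Answer 404 for anything missing so the response does not reveal
    // which file names exist for other users.
    abort_unless(Storage::disk('local')->exists($relative), 404);

    // Stream the file through PHP; the web server never maps a URL to it.
    return response()->download(storage_path('app/' . $relative), $name, [
        'X-Content-Type-Options' => 'nosniff',
    ]);
})
    // Unauthenticated requests are rejected before the closure runs.
    ->middleware('auth')
    // One path segment only: no slashes, no "..", no leading dot.
    ->where('name', '[A-Za-z0-9_-]+(\.[A-Za-z0-9]+)?');
```

With this layout, a request for a file name that is not in the signed-in user's own folder gets a 404, and the files have no URL under 'public' at all.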
