Image upload permissions


We’re running a closed invite-only forum, and have just noticed that uploaded images are accessible without logging in.
Also, files uploaded to categories with limited view permissions, are also viewable by everyone.

I’ve checked the “prevent anons from downloading files” but it doesn’t seem to do anything.


(Rafael dos Santos Silva) #2

Are you on latest? I remember some recent changes around this.


v1.8.0.beta5 +106 with a smiley face

(Jeff Atwood) #4

Are you using a CDN?


Sorry, forgot to respond.

(Jeff Atwood) #6

Hmm, not sure, this setting should work. Any ideas @zogstrip?

(Régis Hanol) #7

That setting is only for attachments though. Only attachments hit the rails app. Images are directly served by NGINX.

(Jeff Atwood) #8

Ah so the title of this topic is wrong, it is not about file upload permissions, it is image permissions. Bad title, I will fix.

For the record

  • files = file attachments
  • images = images, pictures

very different things…

(Alan Tan) #9

Probably a duplicate of


Yeah, you’re right, sorry. But it also shows that to an average user the wording is confusing, as is the behavior difference between uploading a file and image.

@tgxworld, yup, thanks!