CDN module doesn't support Drupal's private file system functionality. It's documented in the FAQ. But for the few users who do use it, we should warn them automatically.

See #1605152-4: log shows "Nested HTTP request to generate..." and later.

Comments

JamesOakley’s picture

One challenge is that, with Drupal 7, now that CCK is in core, the choice of private versus public file system is no longer a site-wide choice but is made for each file or image field. So it would be possible for a site to use public fields for almost everything, but to have one field that is private to allow controlled download of just a few attachments. (That's not an unlikely use-case - consider an e-commerce site with pay-to-download content. You'd want preview images of products, and possibly other images in the help pages for the store, but you'd want the attachments people pay for to be private.

Wim Leers’s picture

Oh. I actually didn't know that :) Thanks :)

That'd mean you'd have to look at all file & image fields and check whether they're using the private file system.

JamesOakley’s picture

Uck!

It also means being sure (from a security point of view) that CDN will definitely rewrite public files but not private ones. Slightly concerning was my discovery in #1605152: log shows "Nested HTTP request to generate..." that, without far-future expiration enabled, even private files were being rewritten. Because I had no access control on those fields (I'd just inherited a private file system), it didn't matter, but if I had had...

Wim Leers’s picture

CDN module + private files = undefined behavior. I explicitly don't support it :)

I'd be open to add support for it, but it's a big undertaking because each CDN has its own system for doing protected downloads. Or, equally often: *no* system/support for that.

JamesOakley’s picture

Status: Postponed » Needs work

OK.

I've not got time to turn this into a full-blown patch at the moment, but this snippet displays a list of all the fields in the database that are a file-storage type fields, and that are set to private.

I'd imagine that if the array $privateFields turns out to be non-empty, hook_requirements() should display a warning that CDN module does not support private file types and therefore results are unpredictable and possibly insecure, followed by this list of field types.

$fieldInfo = field_info_fields();
$privateFields = array();
foreach($fieldInfo as $name=>$detail)
{
  if (isset ($detail["settings"]["uri_scheme"]))
  {
    if($detail["settings"]["uri_scheme"] == "private")
    {
      $privateFields[$name] = $name;
    }
  }
}
if(!empty($privateFields))
{
  print('<ul>');
  foreach($privateFields as $name)
  {
    print('<li>' . $name . '</li>');
  }
  print('</ul>');
}
Wim Leers’s picture

Great first stab! Thanks :)

Wim Leers’s picture

Issue summary: View changes
Status: Needs work » Closed (duplicate)
Related issues: +#2352391: Exclude private:// stream wrapper

I don't know why I didn't simply state in the past that cdn_file_url_alter() should be updated to exclude private://… that'd solve the problem transparently for everybody.

The sad thing is that we cannot programmatically (i.e. by stream wrapper type, see the constants at https://api.drupal.org/api/drupal/includes%21stream_wrappers.inc/7) exclude the private file system, we have to check for it explicitly. But oh well, that seems acceptable.

Let's do that over at #2352391: Exclude private:// stream wrapper.