 

How does one hide the URL for a link to a file?

I've got a C#, Kendo MVC, Razor site. There's a Kendo grid where one of the cells has a hyperlink to a pdf file, like this:

<a href="http://example.com/Files/File123.pdf" target="_blank">File 123</a>

Clicking on the link opens a pdf in a new browser tab. The problem is, the URL is visible in the browser and can be changed to see another file. For example, the user could replace 123 with 456 and see File456.pdf. I need to do two things:

  1. Hide the filename in the URL when the pdf is opened.
  2. Hide the URL when the user hovers over the hyperlink.

Alternatively, I'd take a way to click the link (without the user seeing the URL) and download the file, but I think whether to download or view the file is browser specific.

I would just create an event to send the user back to the controller and handle the opening or download there, but the Kendo grid complicates that and this, as usual, needs to be changed right away. I'll take suggestions on how to manipulate the Kendo row to open a pdf, but I'm hoping there's a simple way to just hide the URL from the user.

asked Sep 15 '17 19:09

boilers222


1 Answer

The problem is, the URL is visible in the browser and can be changed to see another file.

In my opinion, the correct approach in this case would be not to pretend to hide something from the user, but rather to know who your users are and implement authorization on your server. This means that if user A attempts to access file 123 that belongs to user B, he gets denied. But if he attempts to access file 124 that belongs to him, then why care that he modified the URL in the browser? After all, user A accessed his own file. So instead of serving a static file directly, you could put those files into a folder that is not directly accessible and serve them through a controller action that will apply the necessary authorization logic (does the file that the user is trying to access actually belong to him before serving it?).

So my advice in this case for you would be to implement authorization on your server based on the resources that he is trying to access.

answered Oct 27 '22 08:10

Darin Dimitrov
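
One way to write the controller action described in the answer above, for ASP.NET MVC 5; this is an added example, not code from the original answer. `FileRecord`, `IFileRepository`, the `FilesController` name and the `~/App_Data/Files` folder are hypothetical, and constructor injection is assumed to be configured. The grid link would then point at `/Files/Open/123` instead of the static PDF path.

```csharp
using System;
using System.IO;
using System.Net;
using System.Web.Mvc;

// Hypothetical record and lookup: map a file id to its owner and on-disk name.
public class FileRecord
{
    public int Id { get; set; }
    public string OwnerUserName { get; set; }
    public string StoredName { get; set; }   // e.g. "File123.pdf", never taken from the URL
}

public interface IFileRepository
{
    FileRecord FindById(int id);   // returns null when the id is unknown
}

[Authorize]   // anonymous requests never reach the action
public class FilesController : Controller
{
    private readonly IFileRepository _files;

    // Assumption: a DI container supplies the repository.
    public FilesController(IFileRepository files) { _files = files; }

    // GET /Files/Open/123
    public ActionResult Open(int id)
    {
        FileRecord record = _files.FindById(id);
        if (record == null)
            return HttpNotFound();

        // The authorization decision: does this file belong to the caller?
        if (!string.Equals(record.OwnerUserName, User.Identity.Name,
                           StringComparison.OrdinalIgnoreCase))
            return new HttpStatusCodeResult(HttpStatusCode.Forbidden);

        // App_Data is not served as static content, so the PDF has no direct URL.
        string root = Server.MapPath("~/App_Data/Files");
        string path = Path.Combine(root, Path.GetFileName(record.StoredName));
        if (!System.IO.File.Exists(path))
            return HttpNotFound();

        // No download name is passed, so no attachment header is added.
        return File(path, "application/pdf");
    }
}
```

Changing 123 to 456 in the URL now reaches the ownership check rather than the file, and the request is refused unless file 456 belongs to the signed-in user.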