Found it! Secure Download URL History

Ask the community
, ,
1

Hello, I just want to share on how to secure your file download url history from the browser’s download link history. After I contacted WIX support it is proven 100% that docs.wixstatic.com is not an expiring link and always a public link. You can only restrict page view. So if you happen to have an access with one of the link you can open it on any browser without logging in to your members only website page. Example link:
https://docs.wixstatic.com/ugd/35f018_ef7dd6b678aa442dba63ed4243d0a65c.pdf?dn=securefile.pdf
The link above is members only database collection permission.

I’ve searched and searched, I even came to oAuth2.0 something, token session from STRIPE , installing NPM packages using blob etc. All have failed simply because I don’t know how to do it lol.

And i bump into a youtube video that shows you how to make a direct download link from a google drive. It shows that when you open that link it will automatically download the file and What I found out on download history? An authenticated URL probably an expiring token url. Im not sure but see the image below.

866×1012 44.1 KB

692×356 12 KB

Here is the download URL history
https://doc-0k-8g-docs.googleusercontent.com/docs/securesc/k4dckrnpt90b3sog29ghse0u14tul4ei/rjvd5heuspp58dpjengj3le7htrlcj7d/1587816150000/03775276014674767220/10461265509792747014Z/1a2Tib4NsAgKOTK9scRAJ2l5j9XPJ3e-4?e=download&nonce=gn6d0letkncgm&user=10461265509792747014Z&hash=061nhh1rb4v1s6u3h6lab6fmk7r6oo5e

Here’s how I do it:

  1. On your Google drive, change the privacy of the file from onlyME to download with a link .
  2. Copy the shareable link and get the ID. The link will look like this:
    https://drive.google.com/open? id=1a2Tib4NsAgKOTK9scRAJ2l5j9XPJ3e-4
  3. Change the link format into this:
    https://drive.google.com/uc? id=1a2Tib4NsAgKOTK9scRAJ2l5j9XPJ3e-4 &export=download
  4. Put that link on the CLICK EVENT button and use wixLocation.to function.

And that’s it. In that case I can still run my code to record the downloading activity, like who downloaded the file, how many downloads etc. I can also count number of UPLOADS by recording the googledrive ID going to my database collection and add some information details of it and connect it to a repeater and make some url concatenation of my liking.

Hope this helps. So far this works for me, this is 99% secure. hehehe there is 1% flaw if you may notice it but this is much better compare to docs.wixstatic.com .

Let me know your insight and If you have some work around about this issue please comment below.
I love wix and i want to learn more. ^^ Thank you.

1 Like