njosefbeck / gatsby-source-stripe

Gatsby source plugin for building websites using Stripe as a data source

Remove auth header entirely #29

Closed Francesco-Lanciana closed 5 years ago

Francesco-Lanciana commented 5 years ago

Description

Turns out that files/images hosted on Stripe don't actually require you to authenticate with your Stripe credentials. They are entirely public. This means that there isn't ever a need for you to provide the auth header - it should simply always be removed. I have tested this locally and can now successfully pull down all images.

I'm happy to create a PR that will remove the auth option, remove the auth header in every instance, and simplify LocalFile.js since the downloadStripeHostedFile method is now no longer needed. @njosefbeck @brxck let me know if I'm forgetting something important.

Steps to Reproduce

  1. Grab one of the URLs that points to an image hosted on Stripe.
  2. Open up an incognito window and paste in the address.
  3. Hit enter and the file should download.

This means that the file can be downloaded without any cookies being provided for authentication.

Francesco-Lanciana commented 5 years ago

I've sent an email to Stripe support to confirm whether or not all images hosted on Stripe are made public. I'll let you know as soon as I get a response.

brxck commented 5 years ago

Edit: After typing this out I saw your other issue suggesting we handle File nodes differently.

Hey, I think there's some misunderstanding here. I did not add in authentication for downloading images on Product or Sku nodes, but for downloading the contents of Stripe's File nodes, which requires authentication (see the url field).

I'm not sure where authentication exists in LocalFile after your refactor, but it is not needed for Products and Skus, only Files.
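One way to scope the auth header to the downloads that need it, following the distinction drawn above between File contents and Product/Sku images. This is an added example, not code from the thread or from gatsby-source-stripe; the host name, path pattern, Bearer scheme, function names and sample URLs are assumptions.

```javascript
// Added example, not the plugin's code. Assumed, not stated in the thread:
// File contents live at https://files.stripe.com/v1/files/<id>/contents
// and the secret key is sent as a Bearer token.
const AUTH_HOST = "files.stripe.com";               // assumed host
const AUTH_PATH = /^\/v1\/files\/[^/]+\/contents$/; // assumed path shape

// Constructed sample URLs (placeholders, not real Stripe objects).
const SAMPLE_URLS = [
  "https://files.stripe.com/v1/files/file_EXAMPLE/contents", // File node contents
  "https://files.stripe.com/links/EXAMPLE",                  // public image link
  "https://files.stripe.com.example.net/v1/files/file_EXAMPLE/contents", // look-alike host
];

// True only for URLs that should ever receive the Stripe secret key.
function needsStripeAuth(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return false; // unparseable URL: never attach credentials
  }
  return (
    url.protocol === "https:" &&      // never send the key over plain HTTP
    url.hostname === AUTH_HOST &&     // exact match, so look-alike hosts fail
    url.port === "" &&
    url.username === "" && url.password === "" &&
    AUTH_PATH.test(url.pathname)
  );
}

// Headers for one download request; empty for public files.
function downloadHeaders(rawUrl, secretKey) {
  return needsStripeAuth(rawUrl) ? { Authorization: `Bearer ${secretKey}` } : {};
}

// Recompute headers for each redirect hop from the new URL, so the key
// does not follow a redirect to a different host or path.
function headersAfterRedirect(fromUrl, location, secretKey) {
  const next = new URL(location, fromUrl).toString();
  return { url: next, headers: downloadHeaders(next, secretKey) };
}
```

With redirects followed manually, `headersAfterRedirect` keeps a File download that is redirected to another host from carrying the secret key along.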

njosefbeck commented 5 years ago

This has been removed as of v3.0.0.