Restrict access to files uploaded with file upload

I have a form on my site, where users can upload their profile, images and some other info (this is actors since my client is working with casting). However, when a form submission is done, the URL I get in the forms data is open for all, it’s public. How do I handle this? It’s not very safe for the users that their profile image all of a sudden is visible all over the world.

Example: This is an image I’ve uploaded as an example, and everyone can reach it:

READ-ONLY: Webflow - Wideryd Casting

Admittedly I’ve not worked with forms with uploads on Webflow, but clicking the link for me reveals:

{"msg":"You are not currently logged in","code":401,"name":"Unauthorized","path":"/api/sites/wideryd-casting/formUploads/53be17c7-4ad0-402d-91c7-c70c6e63b6ce.jpeg","err":"Unauthorized: You are not currently logged in"}

Have you tried checking this in an incognito window, or logged out maybe?

Agree with @iratefox even as a logged in Webflow user your uploads are restricted.

{"msg":"Site not found","code":404,"name":"SiteNotFoundError","path":"/api/sites/wideryd-casting/formUploads/53be17c7-4ad0-402d-91c7-c70c6e63b6ce.jpeg","err":"SiteNotFoundError: Site not found","meta":{"code":"SiteNotFound"},"errorEnum":"SiteNotFound"}

Oh my — you are correct! I was sure that I tried the incognito mode, must have missed it somehow! Sry and thanks for helping!!

Does flicking the switch fix this for previous uploads? I have changed the setting but still editors are not able to see uploads when logged in?

1 Like

Hey - okay so after contacting Webflow support - you cannot access the data directly to the URL in an email or if you have copied it somewhere using zapier - you need to log in as the editor and go to the forms tab, then pin the image fields to the table, and then the collaborator can download from there.