In this episode, we're diving into a new feature in Laravel: signed URLs for the local filesystem driver! This is a big deal if you're uploading files to your server and want to provide temporary, secure access to them — just like you might with S3 — but right on your own disk.
First, we build a simple file upload system in Laravel. We make a File model and a migration so we can track uploaded files in the database, as well as a basic upload form and controller methods to handle uploading, listing, and downloading files. Once that's up and running, we explore the difference between storing files as public vs. private — and how that impacts who can access the files from the browser.
Traditionally, making files private on the local disk meant there was no easy way to let users securely download them (at least not without a custom controller to stream the file each time). With the new signed URLs feature, though, Laravel lets us generate a temporary, expiring link to a private file. That means users can get a direct download link that only works for a set amount of time, so a link that gets shared around stops working once it expires.
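As an added illustration (not code from the episode), here is a controller sketch of the flow described above: store the upload on the private `local` disk, then check ownership before issuing a short-lived signed URL. It assumes a Laravel release that includes this feature with the local disk's `'serve' => true` option set in `config/filesystems.php`, routes behind the `auth` middleware, and hypothetical `user_id`, `path` and `original_name` columns on the `File` model.

```php
<?php

namespace App\Http\Controllers;

use App\Models\File;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Storage;

class FileController extends Controller
{
    public function store(Request $request): RedirectResponse
    {
        $validated = $request->validate([
            'file' => ['required', 'file', 'max:10240'], // size cap in KB (assumed value)
        ]);

        $upload = $validated['file'];

        // Private "local" disk: the file is not reachable under the public web root.
        // store() picks a random file name, so the client-supplied name never becomes a path.
        $path = $upload->store('uploads', 'local');

        File::create([ // column names are assumptions and must be fillable on the model
            'user_id' => $request->user()->id,
            'path' => $path,
            'original_name' => $upload->getClientOriginalName(),
        ]);

        return back();
    }

    public function download(Request $request, File $file): RedirectResponse
    {
        // Authorize before issuing the link: the signed URL is a bearer link
        // and carries no user identity, so anyone holding it can use it until expiry.
        abort_unless((int) $file->user_id === (int) $request->user()->id, 403);

        // Short lifetime keeps the exposure window small if the link leaks.
        $url = Storage::disk('local')->temporaryUrl($file->path, now()->addMinutes(5));

        return redirect()->away($url);
    }
}
```

Once the five minutes have passed, a request to the same URL is rejected, and the user has to go through `download()` (and its ownership check) again to get a fresh link.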
We walk through how to generate and use these signed URLs, show what happens when the link expires, and discuss the best practices for keeping files private by default. By the end, you'll know how to use Laravel's new feature to let users upload and securely download files from your app, without needing to rely on third-party storage services.