Is it possible to secure some resources served by Plug.Static?

Is it possible to configure Plug.Static so that some resources (but not all) return a 401 when accessed without a proper session cookie ? (My application uses Guardian, the idea would be to reuse the same plug pipeline)

I don’t think Plug.Static can be configured that way. However, I think you can alter your pipeline to include Guardian, but skipping it unless the requested path is not in a list.

You should be able to plug Plug.Static in your router pipelines as well. Some caveats:

  1. You need to read files from another file system path. For example “priv/private” instead of “priv/static”
  2. static_path in Phoenix won’t know about it, so you will need to generate the paths manually. It should be as easy as url(conn) <> "/private/images/foo.png". Make it a helper if necessary