Since the files are no longer in the public folder, users cannot access them via a direct URL. You must create a route that handles the download request.
public function download(File $file) { // Use Laravel Policies or Gates for authorization if (auth()->user()->cannot('view', $file)) { abort(403, 'Unauthorized'); } return Storage::disk('private')->download($file->path, $file->original_name); } Use code with caution. 3. Use Temporary Signed URLs
use Illuminate\Support\Facades\Storage; $url = Storage::disk('s3')->temporaryUrl( 'file.jpg', now()->addMinutes(15) ); Use code with caution. 4. Advanced Security Best Practices
Just One More Episode