ActiveStorage has a different approach than what is suggested by @dhh here. The idea there seems to be to rule out a default and to explicitly set ActiveStorage::Current.url_options or by include ActiveStorage::SetCurrent. I don't understand why and asked about it in the Rails Forum. Maybe someone here can point out why we don't use a sensible default in ActiveStorage?

Although it is possible to manually craft all the necessary HTTP requests to get the signed keys and manually upload the file to the storage backend, thankfully we don’t have to. Rails already provides us with the @rails/active_storage package, which greatly simplifies the process.

Now this is where the magic of our activestorage library from node package manager comes in. At the top of our CreateAccount.js file we need to import a Component, DirectUpload, from this library…

To upload a file, a client must perform the following steps:Obtain the file metadata (filename, size, content type and checksum)Request direct upload credentials and a blob ID via API—createDirectUpload mutationUpload the file using the credentials (no GraphQL involved, HTTP PUT request).

I assume that the ActiveStorage::Attachment class gets reloaded dynamically and that the extensions are lost as they are only added during initialization. You’re correct. Use Rails.configuration.to_prepare to mix your module in after application boot and every time code is reloaded: Rails.configuration.to_prepare do ActiveStorage::Attachment.send :include, ::ActiveStorageAttachmentExtension end

ActiveStorage::LogSubscriber.detach_from :active_storage

Overriding the ActiveStorage controllers to add authentication or customize behavior is a bit tedious because it requires either: using custom routes, which means losing the nice url helpers provided by active storage copy pasting the routes in the application routes.rb, which is not very DRY.

it should be normal for production apps to add authentication and authorization to their ActiveStorage controllers. Unfortunately, there are 2 possible ways to achieve it currently: Not drawing ActiveStorage routes and do everything by yourself Override/monkey patch ActiveStorage controllers None of them is ideal because in the end you can't benefit from Rails upgrades (bug fixes, etc) so the intention of this PR is to let people define a parent controller (inspired by Devise, maybe @carlosantoniodasilva can tell us his experience on this feature) so that people can add authentication and authorization in a single place and still benefit from the default controllers.