看图不登录

app/controllers/attachments_controller.rb

@@ -21,7 +21,7 @@ class AttachmentsController < ApplicationController
   before_filter :delete_authorize, :only => :destroy
   before_filter :authorize_global, :only => :upload
   
-  before_filter :require_login, only: [:download]
+  before_filter :login_without_softapplication, only: [:download]
 
   accept_api_auth :show, :download, :upload
 
@@ -207,4 +207,9 @@ private
     end
     content_type.to_s
   end
+
+  def login_without_softapplication
+    referer = request.headers["Referer"]
+    require_login unless referer =~ /softapplication/
+    end
 end