From 4ad58fc2858e0ebbc67cc39ad02e021cdd85b059 Mon Sep 17 00:00:00 2001
From: Pete Matsyburka
Date: Sat, 24 Feb 2024 13:00:09 +0200
Subject: [PATCH] not found on wrong blob signature
---
 .../api/active_storage_blobs_proxy_legacy_controller.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/app/controllers/api/active_storage_blobs_proxy_legacy_controller.rb b/app/controllers/api/active_storage_blobs_proxy_legacy_controller.rb
index fca401f1..54c3ed72 100644
--- a/app/controllers/api/active_storage_blobs_proxy_legacy_controller.rb
+++ b/app/controllers/api/active_storage_blobs_proxy_legacy_controller.rb
@@ -11,7 +11,9 @@ module Api
 def show
 Rollbar.info('Blob legacy') if defined?(Rollbar)
- blob = ActiveStorage::Blob.find_signed!(params[:signed_blob_id] || params[:signed_id])
+ blob = ActiveStorage::Blob.find_signed(params[:signed_blob_id] || params[:signed_id])
+
+ return head :not_found unless blob
 is_permitted = blob.attachments.any? do |a|
 (current_user && a.record.account.id == current_user.account_id) ||
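Review bot: `Rollbar.info('Blob legacy')` at the top of `show` still runs before the new signature check, so a request with a tampered, expired or missing signed id produces a Rollbar event even though it now ends in a quiet 404. If this route is reachable without a session (the `current_user &&` test in the permission block suggests it may be), consider doing the lookup and `return head :not_found unless blob` first and logging afterwards, so only requests with a valid signature count as legacy usage. A short comment such as `# nil covers a bad signature as well as a blob that no longer exists` would also help, since `find_signed` does not distinguish the two cases. The body of `show` continues past the end of this hunk, so how the `is_permitted` result is handled is not visible here.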