/Drupal 8

function hook_file_download


Control access to private file downloads and specify HTTP headers.

This hook allows modules to enforce permissions on file downloads whenever Drupal is handling file download, as opposed to the web server bypassing Drupal and returning the file from a public directory. Modules can also provide headers to specify information like the file's name or MIME type.


$uri: The URI of the file.

Return value

If the user does not have permission to access the file, return -1. If the user has permission, return an array with the appropriate headers. If the file is not controlled by the current module, the return value should be NULL.

See also


Related topics

Define functions that alter the behavior of Drupal core.


core/lib/Drupal/Core/File/file.api.php, line 31
Hooks related to the File management system.


function hook_file_download($uri) {
  // Check to see if this is a config download.
  $scheme = file_uri_scheme($uri);
  $target = file_uri_target($uri);
  if ($scheme == 'temporary' && $target == 'config.tar.gz') {
    return array(
      'Content-disposition' => 'attachment; filename="config.tar.gz"',

© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.