FileDownload R missing folder in download URL

The download path is generated incorrectly. A folder is missing.
Correct ULR:
generated URL:
The “assets/” folder is missing.
This means that the file cannot be downloaded.

MODX 2.8.1
PHP 7.4
FileDownlad R 2.0.0pl

It would probably help if you could provide your snippet call to figure out what the problem is.

You are right! Here is my snippet-call:


chunk: wrapperTpl:

<table class="fd-table">
        <td colspan="3"><strong>Path: [[+fd.path]]</strong></td>
    <tr class="fd-header">

Now I’m confused!
You said “The ‘assets/’ folder is missing.” but in the call you use the path “…/filesIntern”. Also, with this call to FileDownload you get back a hashed link without any folders.

Oh sorry, i sent you a wrong snippet call. Because i want to use it, that the files are outside the root. But this does not work. Then i create another call where the path is inside the root to test ist. And there i saw, that the URL is wrong.

Here is the snippet call:


I did some testing. In the function _directLinkFileDownload the file-path is converted into a url and this is the line where it failed in my test:

Try changing this line to

$url = ltrim($parseUrl['path'], '/');

and check if that helps.

o.k. this would work with the option


but not with


then the file is not found and i get an error page.

Please make up your mind if you want to use &directLink=`0` or &directLink=`1` . There are huge differences between these two settings.
With &directLink=`0` the URL of the file is never used. If the generated URL for &directLink=`1` is wrong, then this doesn’t matter at all for &directLink=`0` as only the file-path is used!

As this seems to be now a completely different problem. What is the behaviour you see?
Are the files listed correctly with a link like this?

When do you see an error page? When you click on a link?

Both should work, right? I would like to offer documents for download that are outside the root. It is a password-protected area on the site. Since it didn’t work with &directLink=0, I tested it with &directLink= 1 and found that it doesn’t work there either. I suspected a connection.

The following URL is generated (with &directLink=0):

If I click on the URL, I get to the 404 error page.

Just to be sure: I assume if you delete the fdlfile parameter in the link, then the page works correct.

  • Are there any (related) error message in the MODx error log?
  • There is this line in the snippet FileDownload that maybe redirects to your error page (depending on your unauthorized_page system setting).

To check if this is the place where the snippet breaks, you could add a $modx->log() line to the snippet code and then check the MODx error log if the text (here '-> sendUnauthorizedPage') gets written.

if ($baseRef !== $page) {
	$modx->log(modX::LOG_LEVEL_ERROR,'-> sendUnauthorizedPage'); //log error message
	return $modx->sendUnauthorizedPage();

Yes, the page is working correct. No error messages.
Even after changing the code in the file, no error message.
I’ve run the extra on other websites and it works fine there. Can it be that it is up to the server settings of the provider? The provider is Strato.

Check it here at the bottom:

If I open the developer tools in my browser (Tab Network) and click on one of your links, I can see a 401 (Unauthorized) error code.

Have you changed the snippet inside MODx or the file under /core/components/filedownloadr/elements/snippets? You should make the change to the snippet in MODX!

o.k, now i get an error message:
[2021-05-05 14:52:19] (ERROR @ /.../core/cache/includes/elements/modsnippet/31.include.cache.php : 719) -> sendUnauthorizedPage

Ok. The code does a check here, to make sure that the link isn’t called from a different page. Probably the value of $_SERVER['HTTP_REFERER'] can’t be read.

To be sure what is going on, you could add some additional log messages:

$modx->log(modX::LOG_LEVEL_ERROR,'$ref=' . $ref);
$modx->log(modX::LOG_LEVEL_ERROR,'$baseRef=' . $baseRef);
$modx->log(modX::LOG_LEVEL_ERROR,'$page=' . $page);

i get this error messages:

[2021-05-05 15:17:56] (ERROR @ /.../core/cache/includes/elements/modsnippet/31.include.cache.php : 719) -> sendUnauthorizedPage
[2021-05-05 15:17:56] (ERROR @ /.../core/cache/includes/elements/modsnippet/31.include.cache.php : 720) $ref=
[2021-05-05 15:17:56] (ERROR @ /.../core/cache/includes/elements/modsnippet/31.include.cache.php : 721) $baseRef=
[2021-05-05 15:17:56] (ERROR @ /.../core/cache/includes/elements/modsnippet/31.include.cache.php : 722) $page=

This confirms what I supposed earlier. $_SERVER['HTTP_REFERER'] is empty and therefore the check fails.

I have no idea however, why $_SERVER['HTTP_REFERER'] is empty!

Can we set the HTTP_REFERER manually?

Personally, I would probably just comment out the line that does the redirection and then the downloads should work.

if ($baseRef !== $page) {
	//return $modx->sendUnauthorizedPage();

If someone has no permission to access, then he can’t download the file anyway, no matter the value of the referer header.

This line in the <head> of your website prevents the referer header from being sent.

<meta name="referrer" content="no-referrer">

So alternatively you could just change this tag. Maybe to <meta name="referrer" content="same-origin">.