How to disable Gravity Forms’ Secure File Download Location

Gravity Forms hides the true path (location) of uploaded files for security purposes. This makes sense when you expect to handle form submissions in the admin, but this severely impacts View loading times—especially if your View displays lots of images.

What does "secure download location" mean?

When showing an image on a site, it needs to point to the location of the image on a website.

The location for Gravity Forms’ secure files contains the ?gf-download parameter with a bunch of encryption data added to it, like this:

https://www.example.com/index.php?gf-download=2018%2F11%2F864260e1-b0af-4f61-b798-b6ff0b1d49931.jpg&form-id=1&field-id=4&hash=409bda81bdd179545da1512e9e06ab1753104582a52bedeeaac04f8366e2c264

When secure download location is disabled, the image will point to the actual path to the file on your website, like this:

https://www.example.com/wp-content/uploads/gravity_forms/864260e1-b0af-4f61-b798-b6ff0b1d49931/2018/11/name-of-the-file.jpg

💡 Note how the secure link doesn't show the file's name, but the insecure link does.

Affect on performance

This greatly improves image loading times in GravityView.

Secure image paths make Views load significantly slower, especially when they have many images.

GravityView Maps loading order

We've also observed secure file downloads may also impact how quickly maps load in a View. We have observed situations where map loading is delayed until all secure images have finished loading. Disabling secure file downloads resolves the issue.

Disabling Gravity Forms secure download link

Adding this code will direct GravityView to use the insecure file path when rendering a specific form and field.

In the code, make sure to replace FORM_ID with the ID of the form in the filter name, and 123 with the field ID!

/**
 * Conditionally disable the secure file download location for a specific field in one form.
 *
 * Hooks into the existing 'gform_secure_file_download_location_{FORM_ID}' filter and
 * disables the secure location only for the target field.
 * 
 * @since 1.0.0
 *
 * @param bool               $secure_download_location Whether the secure location should be used. Defaults to true.
 * @param string             $file                     The URL of the file being downloaded.
 * @param GF_Field_FileUpload $field                    The File Upload field object.
 *
 * @return bool Modified $secure_download_location value, if the field ID matches the target field ID.
 */
add_filter( 'gform_secure_file_download_location_FORM_ID', function ( $secure_download_location, $file, $field ) {
	// 👆 REPLACE "FORM_ID" in the filter name with your form ID.

	// 👇 THEN replace "123" with your target field ID.
	if ( (int) $field->id === 123 ) {
		return false; // Disable secure location for this field only.
	}

	return $secure_download_location;
}, 10, 3 );

If you want to have all the file upload paths visible for a form, you can use this code instead. Replace FORM_ID with the ID of the form.

add_filter( 'gform_secure_file_download_location_FORM_ID', '__return_false' );

As with all our code samples, here's how to add the code to your site.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us

Related Articles