handle requests for frontend files through secured route

app/controllers/application_controller.rb

@@ -1,12 +1,4 @@
 class ApplicationController < ActionController::API
   include Response
-  include ActionView::Layouts
+  include BasicAuth
-
-  include ActionController::HttpAuthentication::Basic::ControllerMethods
-  http_basic_authenticate_with name: ENV['BASIC_AUTH_USERNAME'],
-                               password: ENV['BASIC_AUTH_PASSWORD']
-
-  def frontend_index_html
-    render file: 'protected_public/index.html'
-  end
 end

app/controllers/concerns/basic_auth.rb

@@ -0,0 +1,9 @@
+module BasicAuth
+  extend ActiveSupport::Concern
+
+  included do
+    include ActionController::HttpAuthentication::Basic::ControllerMethods
+    http_basic_authenticate_with name: ENV['BASIC_AUTH_USERNAME'],
+                                 password: ENV['BASIC_AUTH_PASSWORD']
+  end
+end

app/controllers/static_controller.rb

@@ -0,0 +1,17 @@
+class StaticController < ActionController::API
+  include ActionView::Layouts
+  include BasicAuth
+
+  def frontend_index_html
+    if params[:path].present?
+      send_file params[:path]
+    else
+      render file: 'protected_public/index.html'
+    end
+  end
+
+  def frontend_static
+    full_path = "protected_public/#{params[:path]}.#{params[:format]}"
+    send_file full_path
+  end
+end

config/routes.rb

@@ -8,10 +8,6 @@ Rails.application.routes.draw do
     end
   end
 
-  root to: 'application#frontend_index_html'
+  get '*path', to: 'static#frontend_static'
-
+  root to: 'static#frontend_index_html'
-  get '*path', to: 'application#frontend_index_html', constraints: lambda { |request|
-    !request.xhr? && request.format.html?
-  }
-  # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
 end