Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Protecting static files in your web app

Avatar for Max Ludwig Max Ludwig
January 02, 2016
Programming
0
490

Protecting static files in your web app

... in production

https://github.com/dAnjou/xsendfile-example

Avatar for Max Ludwig

Max Ludwig

January 02, 2016
Tweet

Other Decks in Programming

See All in Programming
モテるデスク環境
Avatar for mozumasu mozumasu
3
1.1k
CSC509 Lecture 07
Avatar for Javier Gonzalez-Sanchez javiergs
PRO
0
240
Go言語の特性を活かした公式MCP SDKの設計
Avatar for hond hond0413
1
440
フロントエンド開発のためのブラウザ組み込みAI入門
Avatar for Masashi Hirano masashi
7
3.4k
エンジニアインターン「Treasure」とHonoの2年、そして未来へ / Our Journey with Hono Two Years at Treasure and Beyond
Avatar for CARTA Engineering carta_engineering
0
410
pnpm に provenance のダウングレード を検出する PR を出してみた
Avatar for mattsuu ryo_manba
1
150
Writing Better Go: Lessons from 10 Code Reviews
Avatar for Konrad Reiche konradreiche
3
5.8k
Six and a half ridiculous things to do with Quarkus
Avatar for Holly Cummins hollycummins
0
210
Webサーバーサイド言語としてのRustについて
Avatar for kaza kouyuume
1
4.1k
組込みだけじゃない!TinyGo で始める無料クラウド開発入門
Avatar for Kotaro Otaka otakakot
2
360
AI Coding Meetup #3 - 導入セッション / ai-coding-meetup-3
Avatar for Masayuki Izumi izumin5210
0
3.4k
AI Agent 時代的開發者生存指南
Avatar for 高見龍 eddie
4
2.1k

Featured

See All Featured
Building a Scalable Design System with Sketch
Avatar for Laura Van Doore lauravandoore
463
33k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
Avatar for Sam Stephenson sstephenson
162
15k
Improving Core Web Vitals using Speculation Rules API
Avatar for Sergey Chernyshev sergeychernyshev
21
1.2k
10 Git Anti Patterns You Should be Aware of
Avatar for Lemi Orhan Ergin lemiorhan
PRO
657
61k
It's Worth the Effort
Avatar for 3n 3n
187
28k
Leading Effective Engineering Teams in the AI Era
Avatar for Addy Osmani addyosmani
7
570
YesSQL, Process and Tooling at Scale
Avatar for Rocio Delgado rocio
173
15k
Dealing with People You Can't Stand - Big Design 2015
Avatar for Cassini Nazir cassininazir
367
27k
Designing for humans not robots
Avatar for Tammie Lister tammielis
254
26k
What’s in a name? Adding method to the madness
Avatar for Product Marketing Alliance productmarketing
PRO
24
3.7k
Thoughts on Productivity
Avatar for Jon Yablonski jonyablonski
70
4.9k
Unsuck your backbone
Avatar for Amy Palamountain ammeep
671
58k

Transcript

  1. … in production Protecting static files in your web app

  2. X-Sendfile HTTP header

  3. GET /video.ogv video.ogv web server web app check permissions +

    set header check header + serve file

  4. from django.http import HttpResponse from django.utils.encoding import smart_str def sendfile(request,

    filename, **kwargs): # check requesting user’s permissions response = HttpResponse() response['X-Sendfile'] = smart_str(unicode(filename)) return response django-sendfile/sendfile/backends/xsendfile.py

  5. <VirtualHost *:80> XSendFile On # ... </VirtualHost> /etc/apache2/sites-available/example.de

  6. Apache2: X-Sendfile nginx: X-Accel-Redirect Lighttpd: X-LIGHTTPD-send-file

  7. github.com/dAnjou/xsendfile-example [email protected]