Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Protecting static files in your web app
Search
Max Ludwig
January 02, 2016
Programming
0
510
Protecting static files in your web app
... in production
https://github.com/dAnjou/xsendfile-example
Max Ludwig
January 02, 2016
Tweet
Share
Other Decks in Programming
See All in Programming
Feature Toggle は捨てやすく使おう
gennei
0
240
PHPのバージョンアップ時にも役立ったAST(2026年版)
matsuo_atsushi
0
220
エンジニアの「手元の自動化」を加速するn8n 2026.02.27
symy2co
0
170
The Past, Present, and Future of Enterprise Java
ivargrimstad
0
900
AI時代の脳疲弊と向き合う ~言語学としてのPHP~
sakuraikotone
1
1.5k
最初からAWS CDKで技術検証してもいいんじゃない?
akihisaikeda
4
160
コーディングルールの鮮度を保ちたい / keep-fresh-go-internal-conventions
handlename
0
230
Rで始めるML・LLM活用入門
wakamatsu_takumu
0
190
AI時代のシステム設計:ドメインモデルで変更しやすさを守る設計戦略
masuda220
PRO
6
1.1k
米国のサイバーセキュリティタイムラインと見る Goの暗号パッケージの進化
tomtwinkle
2
640
Kubernetesでセルフホストが簡単なNewSQLを求めて / Seeking a NewSQL Database That's Simple to Self-Host on Kubernetes
nnaka2992
0
170
OTP を自動で入力する裏技
megabitsenmzq
0
120
Featured
See All Featured
世界の人気アプリ100個を分析して見えたペイウォール設計の心得
akihiro_kokubo
PRO
68
38k
The Cult of Friendly URLs
andyhume
79
6.8k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
254
22k
4 Signs Your Business is Dying
shpigford
187
22k
AI Search: Implications for SEO and How to Move Forward - #ShenzhenSEOConference
aleyda
1
1.2k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
22k
How to optimise 3,500 product descriptions for ecommerce in one day using ChatGPT
katarinadahlin
PRO
1
3.5k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
54k
The Director’s Chair: Orchestrating AI for Truly Effective Learning
tmiket
1
130
Git: the NoSQL Database
bkeepers
PRO
432
67k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
31
10k
The Art of Programming - Codeland 2020
erikaheidi
57
14k
Transcript
… in production Protecting static files in your web app
X-Sendfile HTTP header
GET /video.ogv video.ogv web server web app check permissions +
set header check header + serve file
from django.http import HttpResponse from django.utils.encoding import smart_str def sendfile(request,
filename, **kwargs): # check requesting user’s permissions response = HttpResponse() response['X-Sendfile'] = smart_str(unicode(filename)) return response django-sendfile/sendfile/backends/xsendfile.py
<VirtualHost *:80> XSendFile On # ... </VirtualHost> /etc/apache2/sites-available/example.de
Apache2: X-Sendfile nginx: X-Accel-Redirect Lighttpd: X-LIGHTTPD-send-file
github.com/dAnjou/xsendfile-example
[email protected]
gennei
matsuo_atsushi
symy2co
ivargrimstad
sakuraikotone
akihisaikeda
handlename
wakamatsu_takumu
masuda220
tomtwinkle
nnaka2992
megabitsenmzq
akihiro_kokubo
andyhume
smashingmag
shpigford
aleyda
caitiem20
katarinadahlin
destraynor
tmiket
bkeepers
eileencodes
erikaheidi
![github.com/dAnjou/xsendfile-example [email protected]](https://files.speakerdeck.com/presentations/9ddecf31906447fcbf3e947c20e0f747/slide_6.jpg){kind=link}