Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Protecting static files in your web app

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Max Ludwig Max Ludwig
January 02, 2016
Programming
510
0

Protecting static files in your web app

... in production

https://github.com/dAnjou/xsendfile-example

Avatar for Max Ludwig

Max Ludwig

January 02, 2016

Other Decks in Programming

See All in Programming
AlarmKitで明後日起きれるアラームアプリを作る
Avatar for Trickart trickart
0
130
いつか誰かが、と思っていた フロントエンド刷新5年間の実践知
Avatar for Kiichi Sugihara kiichisugihara
1
260
Import assertionsが消えた日~ECMAScriptの仕様はどう決まり、なぜ覆るのか~
Avatar for おおいし bicstone
2
180
Back to the roots of date
Avatar for jinroq jinroq
0
800
PicoRuby for IoT: Connecting to the Cloud with MQTT
Avatar for Y_uuu yuuu
2
770
JCON - Create Agentic AI Apps, The Easy Way!
Avatar for Kevin Dubois kdubois
1
100
Programming with a DJ Controller — not vibe coding
Avatar for seki at druby.org m_seki
3
820
Firefoxにコントリビューションして得られた学び
Avatar for ken7253 ken7253
2
160
Making the RBS Parser Faster
Avatar for Soutaro Matsumoto soutaro
0
690
実践ハーネスエンジニアリング:ステアリングループを実例から読み解く / Practical Harness Engineering: Understanding Steering Loops Through Real-World Examples
Avatar for nrs nrslib
5
5.1k
My daily life on Ruby
Avatar for Akira Matsuda a_matsuda
3
200
HTML-Aware ERB: The Path to Reactive Rendering @ RubyKaigi 2026, Hakodate, Japan
Avatar for Marco Roth marcoroth
0
680

Featured

See All Featured
Navigating Team Friction
Avatar for Lara Hogan lara
192
16k
Helping Users Find Their Own Way: Creating Modern Search Experiences
Avatar for Dan Newman danielanewman
31
3.2k
Neural Spatial Audio Processing for Sound Field Analysis and Control
Avatar for NII S. Koyama's Lab skoyamalab
0
290
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
Avatar for Sam Stephenson sstephenson
162
16k
Primal Persuasion: How to Engage the Brain for Learning That Lasts
Avatar for Mike Taylor tmiket
0
340
A Soul's Torment
Avatar for Nat Ma seathinner
6
2.8k
Building Experiences: Design Systems, User Experience, and Full Site Editing
Avatar for Michelle Schulp Hunt marktimemedia
0
500
Building a A Zero-Code AI SEO Workflow
Avatar for Ian Lurie portentint
PRO
0
500
The B2B funnel & how to create a winning content strategy
Avatar for Katarina Dahlin katarinadahlin
PRO
1
350
Typedesign – Prime Four
Avatar for Hannes Fritz hannesfritz
42
3k
Embracing the Ebb and Flow
Avatar for Simon Collison colly
88
5k
Ten Tips & Tricks for a 🌱 transition
Avatar for Manu Carrasco Molina stuffmc
0
110

Transcript

  1. … in production Protecting static files in your web app

  2. X-Sendfile HTTP header

  3. GET /video.ogv video.ogv web server web app check permissions +

    set header check header + serve file

  4. from django.http import HttpResponse from django.utils.encoding import smart_str def sendfile(request,

    filename, **kwargs): # check requesting user’s permissions response = HttpResponse() response['X-Sendfile'] = smart_str(unicode(filename)) return response django-sendfile/sendfile/backends/xsendfile.py

  5. <VirtualHost *:80> XSendFile On # ... </VirtualHost> /etc/apache2/sites-available/example.de

  6. Apache2: X-Sendfile nginx: X-Accel-Redirect Lighttpd: X-LIGHTTPD-send-file

  7. github.com/dAnjou/xsendfile-example [email protected]