Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Protecting static files in your web app

Avatar for Max Ludwig Max Ludwig
January 02, 2016
Programming
510
0

Protecting static files in your web app

... in production

https://github.com/dAnjou/xsendfile-example

Avatar for Max Ludwig

Max Ludwig

January 02, 2016

Other Decks in Programming

See All in Programming
[KCD Czech] eBPF Meets the GPU: Future of AI Infra Observability
Avatar for Donia Chaiehloudj doniacld
0
130
誰も頼んでない機能を出荷した話
Avatar for Hidetaka Toriyama zekutax
0
150
iOS26時代の新規アプリ開発
Avatar for 野瀬田 裕樹 yuukiw00w
0
230
AIチームを指揮するOSS「TAKT」活用術 / How to Use “TAKT,” an OSS Tool for Orchestrating AI Teams
Avatar for nrs nrslib
6
760
Oxlintはいかにしてtsgolintのlint ruleを呼び出しているのか
Avatar for syumai syumai
2
1k
SPMマルチモジュールで テストカバレッジを取得する技法
Avatar for yosshi yosshi4486
0
140
tsserverとは何だったのか、これからどうなるのか
Avatar for Ryota Nakamura nowaki28
1
430
Composerを使ったサプライチェーン攻撃の様子を眺めてみる #phpstudy
Avatar for hideki kinjyo o0h
PRO
2
200
OSもどきOS
Avatar for Sora Arakawa arkw
0
370
Technical Debt: Understanding it Rightly, Engaging it Rightly #LaravelLiveJP
Avatar for shogogg shogogg
0
180
Lessons from Spec-Driven Development
Avatar for Simon Martinelli simas
PRO
0
110
AIとRubyの静的型付け
Avatar for ukin0k0 ukin0k0
0
490

Featured

See All Featured
Product Roadmaps are Hard
Avatar for C. Todd Lombardo iamctodd
PRO
55
12k
Digital Projects Gone Horribly Wrong (And the UX Pros Who Still Save the Day) - Dean Schuster
Avatar for UX Y'all uxyall
0
1.5k
AI in Enterprises - Java and Open Source to the Rescue
Avatar for ivargrimstad ivargrimstad
0
1.3k
Done Done
Avatar for chrislema chrislema
186
16k
A brief & incomplete history of 
UX Design for the World Wide Web: 1989–2019
Avatar for Jason CranfordTeague jct
2
380
Build The Right Thing And Hit Your Dates
Avatar for Maggie C. maggiecrowley
39
3.2k
Thoughts on Productivity
Avatar for Jon Yablonski jonyablonski
76
5.2k
Organizational Design Perspectives: An Ontology of Organizational Design Elements
Avatar for Dr. Kim W Petersen kimpetersen
PRO
1
710
Digital Ethics as a Driver of Design Innovation
Avatar for Per Axbom axbom
PRO
1
300
Facilitating Awesome Meetings
Avatar for Lara Hogan lara
57
6.9k
SEO in 2025: How to Prepare for the Future of Search
Avatar for Michael King ipullrank
3
3.5k
Beyond borders and beyond the search box: How to win the global "messy middle" with AI-driven SEO
Avatar for David Carrasco davidcarrasco
3
150

Transcript

  1. … in production Protecting static files in your web app

  2. X-Sendfile HTTP header

  3. GET /video.ogv video.ogv web server web app check permissions +

    set header check header + serve file

  4. from django.http import HttpResponse from django.utils.encoding import smart_str def sendfile(request,

    filename, **kwargs): # check requesting user’s permissions response = HttpResponse() response['X-Sendfile'] = smart_str(unicode(filename)) return response django-sendfile/sendfile/backends/xsendfile.py

  5. <VirtualHost *:80> XSendFile On # ... </VirtualHost> /etc/apache2/sites-available/example.de

  6. Apache2: X-Sendfile nginx: X-Accel-Redirect Lighttpd: X-LIGHTTPD-send-file

  7. github.com/dAnjou/xsendfile-example [email protected]