Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Protecting static files in your web app
Search
Max Ludwig
January 02, 2016
Programming
0
440
Protecting static files in your web app
... in production
https://github.com/dAnjou/xsendfile-example
Max Ludwig
January 02, 2016
Tweet
Share
Other Decks in Programming
See All in Programming
Anthropic Cookbook のおすすめレシピ
schroneko
7
1.3k
Compose-View Interop in Practice (mDevCamp 2024)
stewemetal
0
170
Hanami and htmx
bkuhlmann
0
230
SwiftUIで使いやすいToastの作り方 / How to build a Toast system which is easy to use in SwiftUI
lovee
3
190
Kotlin Multiplatform at Stable and Beyond (Android Makers 2024)
zsmb
0
540
AppRouter Panel Talk
yosuke_furukawa
PRO
1
490
“Seeing Like a Programmer”—Resiliency, Limits, and Moral Hazards in Software Engineering (LambdaConf 2024)
chriskrycho
0
240
From Spring Boot 2 to Spring Boot 3 with Java 21 and Jakarta EE
ivargrimstad
0
760
新宿ダンジョンを可視化してみた
satoshi7190
3
420
Webアプリをできるだけコードを手書きしないで作ってみる
tomokusaba
2
190
Sheets API使ってみた
toshi0383
2
170
禅の心を手に入れよ
eltociear
1
420
Featured
See All Featured
10 Git Anti Patterns You Should be Aware of
lemiorhan
649
58k
Intergalactic Javascript Robots from Outer Space
tanoku
266
26k
No one is an island. Learnings from fostering a developers community.
thoeni
16
2.1k
Side Projects
sachag
451
41k
Writing Fast Ruby
sferik
622
60k
Designing with Data
zakiwarfel
96
4.8k
Design by the Numbers
sachag
274
18k
Fantastic passwords and where to find them - at NoRuKo
philnash
39
2.5k
How STYLIGHT went responsive
nonsquared
92
4.8k
Practical Orchestrator
shlominoach
183
9.7k
How to name files
jennybc
65
93k
From Idea to $5000 a Month in 5 Months
shpigford
378
45k
Transcript
… in production Protecting static files in your web app
X-Sendfile HTTP header
GET /video.ogv video.ogv web server web app check permissions +
set header check header + serve file
from django.http import HttpResponse from django.utils.encoding import smart_str def sendfile(request,
filename, **kwargs): # check requesting user’s permissions response = HttpResponse() response['X-Sendfile'] = smart_str(unicode(filename)) return response django-sendfile/sendfile/backends/xsendfile.py
<VirtualHost *:80> XSendFile On # ... </VirtualHost> /etc/apache2/sites-available/example.de
Apache2: X-Sendfile nginx: X-Accel-Redirect Lighttpd: X-LIGHTTPD-send-file
github.com/dAnjou/xsendfile-example
[email protected]