Lock in $30 Savings on PRO—Offer Ends Soon! ⏳

Protecting static files in your web app

Avatar for Max Ludwig Max Ludwig
January 02, 2016
Programming
0
500

Protecting static files in your web app

... in production

https://github.com/dAnjou/xsendfile-example

Avatar for Max Ludwig

Max Ludwig

January 02, 2016
Tweet

Other Decks in Programming

See All in Programming
AIの弱点、やっぱりプログラミングは人間が(も)勉強しよう / YAPC AI and Programming
Avatar for Naoki Kishida kishida
13
5.5k
分散DBって何者なんだ... Spannerから学ぶRDBとの違い
Avatar for kensho iwashi623
0
140
WebRTC と Rust と 8K 60fps
Avatar for tnoho tnoho
2
720
TypeScriptで設計する 堅牢さとUXを両立した非同期ワークフローの実現
Avatar for Matsumoto Moeka moeka__c
5
2.7k
Stay Hacker 〜九州で生まれ、Perlに出会い、コミュニティで育つ〜
Avatar for Kazuhiko Yamashita pyama86
2
2.9k
AI駆動開発ライフサイクル(AI-DLC)のホワイトペーパーを解説
Avatar for Yasutomo Hariu swxhariu5
0
1.6k
これだけで丸わかり!LangChain v1.0 アップデートまとめ
Avatar for os1ma os1ma
4
340
CSC305 Lecture 15
Avatar for Javier Gonzalez-Sanchez javiergs
PRO
0
210
Honoを技術選定したAI要件定義プラットフォームAcsimでの意思決定
Avatar for Tadashi Shigeoka codenote
0
280
CSC305 Lecture 17
Avatar for Javier Gonzalez-Sanchez javiergs
PRO
0
200
高単価案件で働くための心構え
Avatar for Katsuma Narisawa nullnull
0
170
アーキテクチャと考える迷子にならない開発者テスト
Avatar for irof irof
9
3.4k

Featured

See All Featured
The Power of CSS Pseudo Elements
Avatar for Geoffrey Crofte geoffreycrofte
80
6.1k
The Pragmatic Product Professional
Avatar for Laura Van Doore lauravandoore
36
7k
Building an army of robots
Avatar for Kyle Neath kneath
306
46k
Done Done
Avatar for chrislema chrislema
186
16k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
Avatar for Irina Nazarova irinanazarova
9
1k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
Avatar for Stéphanie Walter stephaniewalter
285
14k
The Web Performance Landscape in 2024 [PerfNow 2024]
Avatar for Tammy Everts tammyeverts
11
950
RailsConf 2023
Avatar for Aaron Patterson tenderlove
30
1.3k
Facilitating Awesome Meetings
Avatar for Lara Hogan lara
57
6.6k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
Avatar for Marc Duiker marcduiker
34
2.3k
Statistics for Hackers
Avatar for Jake VanderPlas jakevdp
799
230k
How To Stay Up To Date on Web Technology
Avatar for Chris Coyier chriscoyier
791
250k

Transcript

  1. … in production Protecting static files in your web app

  2. X-Sendfile HTTP header

  3. GET /video.ogv video.ogv web server web app check permissions +

    set header check header + serve file

  4. from django.http import HttpResponse from django.utils.encoding import smart_str def sendfile(request,

    filename, **kwargs): # check requesting user’s permissions response = HttpResponse() response['X-Sendfile'] = smart_str(unicode(filename)) return response django-sendfile/sendfile/backends/xsendfile.py

  5. <VirtualHost *:80> XSendFile On # ... </VirtualHost> /etc/apache2/sites-available/example.de

  6. Apache2: X-Sendfile nginx: X-Accel-Redirect Lighttpd: X-LIGHTTPD-send-file

  7. github.com/dAnjou/xsendfile-example [email protected]