Apache X-sendfile with permissions checking

Add to urls.py:
urlpatterns += patterns('',
    url(r'^media\/(?P<path>.*)$', 'views.media_xsendfile', {
        'document_root': settings.MEDIA_ROOT,
    }),
)


Add to views.py:
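import os

from django.conf import settings
from django.http import HttpResponse
from django.contrib.admin.views.decorators import staff_member_required

# Only staff users reach the view; everyone else is sent to the admin login.
@staff_member_required
def media_xsendfile(request, path, document_root):
    response = HttpResponse()
    # Empty Content-Type so that Apache sets the type of the file it sends.
    response['Content-Type'] = ''
    # mod_xsendfile replaces the empty body with the file named in this header.
    response['X-Sendfile'] = (os.path.join(settings.MEDIA_ROOT, path)).encode('utf-8')
    return response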
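
The view joins the URL-supplied path onto MEDIA_ROOT without checking where the result points. The following is an added example, not part of the original snippet, of a containment check to run before setting X-Sendfile; `resolve_under_root`, `is_allowed` and the `/srv/media` root are hypothetical names, and Python 3 is assumed.

```python
import os

# Constructed sample root; a real view would pass settings.MEDIA_ROOT.
SAMPLE_ROOT = "/srv/media"


def resolve_under_root(document_root, requested_path):
    """Return the absolute file path for requested_path.

    Raises ValueError when the result would not be strictly inside
    document_root, so the caller can answer 404 instead of sending
    an X-Sendfile header.
    """
    if "\x00" in requested_path:
        raise ValueError("NUL byte in path")
    # realpath() collapses ".." segments and follows symlinks, so the
    # comparison is made on the location the web server would open.
    root = os.path.realpath(document_root)
    # os.path.join() discards root when requested_path is absolute
    # (e.g. "/etc/passwd"), which is why the result is checked below.
    candidate = os.path.realpath(os.path.join(root, requested_path))
    # commonpath() compares whole components; a startswith() test
    # would wrongly accept a sibling such as "/srv/media_private".
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("path escapes document root")
    if candidate == root:
        raise ValueError("path names the document root itself")
    return candidate


def is_allowed(document_root, requested_path):
    """True when requested_path may be handed to X-Sendfile."""
    try:
        resolve_under_root(document_root, requested_path)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed request paths covering the accepted and rejected cases.
    for p in ("docs/report.pdf", "a/../b.txt", "../settings.py",
              "/etc/passwd", "../media_private/key.pem", ""):
        print(repr(p), "->", is_allowed(SAMPLE_ROOT, p))
```

In the view, a ValueError from `resolve_under_root` would become an `Http404`, and the returned path would be the value placed in the X-Sendfile header.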

Comments

btimby (on April 3, 2012):

Along with UTF-8 encoding, you should use URL encoding.

https://github.com/nmaier/mod_xsendfile/commit/0efcd03ac196930da6b139b77972c0d430e0225c

This way any non-ASCII chars can be safely sent via the HTTP header (which must be 7 bit values).

response['X-Sendfile'] = urllib.quote(os.path.join(settings.MEDIA_ROOT, path).encode('utf-8'))

MechanisM (on April 4, 2012):

Same for nginx but: X-Accel-Redirect instead of X-Sendfile

MechanisM (on April 4, 2012):

Additional info for nginx is here http://wiki.nginx.org/XSendfile
