Link to download

63 views
Skip to first unread message

Sixtine Vernhes

unread,
May 2, 2017, 6:34:30 AM5/2/17
to Django users
Hi !

I try to create a link on Django who download a static csv file, but I have no idea how to do.
In my settings.py :

STATIC_URL = '/static/'
STATICFILES_DIRS = (
    os.path.join(BASE_DIR, "static/"),
)

and my file is in this directory

Would anyone have an idea ?


Antonis Christofides

unread,
May 2, 2017, 8:04:05 AM5/2/17
to django...@googlegroups.com

Is this in production or development? What is the url that doesn't work? What happens when you try the url?

Regards,

A.

Antonis Christofides
http://djangodeployment.com
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/c505a804-3cc6-4584-a47a-bffadee6fb5e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Sixtine Vernhes

unread,
May 2, 2017, 8:44:33 AM5/2/17
to Django users
This is in development. I try to send url of my file in views.py :
  
 return render(request, "export.html", {'out': urlOut})

and in my template I have the link :

Lien du <a href="{{out}}"> fichier </a>

but when I open it I have this link :

http://127.0.0.1:8000/home/myuser/Data/01/export.txt

and I want to have this to download the file : /home/myuser/Data/01/export.txt

Have you any ideas?

(sorry i'm newbie in django ^^)

m712 - Developer

unread,
May 2, 2017, 10:55:43 AM5/2/17
to Django users, Sixtine Vernhes

You cannot get a file outside of your project unless you symlink it inside the project. This is also a Very Bad Thing(TM) as it may allow attackers to request arbitrary files.
What you should do instead is this:
1) Put Data/01/export.txt to the static/ folder inside your app (with the same folder structure if you need it that way)
2) Build the path to your file with /static/ as prefix, i.e. http://127.0.0.1/static/Data/01/export.txt

Antonis Christofides

unread,
May 2, 2017, 12:13:01 PM5/2/17
to django...@googlegroups.com

You cannot get a file outside of your project unless you symlink it inside the project. This is also a Very Bad Thing(TM) as it may allow attackers to request arbitrary files.

You can get a file outside your project. Whether this is a bad thing or not depends on why and how. I also don't think this file should be placed in the static directory. The static directory is for files that don't change after the program is installed. The media directory might be more appropriate.

If what you are doing is to dynamically create a csv file for your user to download immediately, one possible way of doing that is (untested):

from tempfile import TemporaryFile

csvfile = TemporaryFile()
export_your_data_to_the_file(csvfile)
file_size = csvfile.tell()
csvfile.seek(0)
response = HttpResponse(csvfile.read(), content_type='text/csv')
response['Content-Disposition'] = 'attachment; filename=whateveryoulike.csv'
response['Content-Length'] = str(size)
return response

Regards,

A.

Antonis Christofides
http://djangodeployment.com
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.

Sixtine Vernhes

unread,
May 3, 2017, 9:18:06 AM5/3/17
to Django users
It's work with the use of media :)
Thanks for the help !

Le mardi 2 mai 2017 18:13:01 UTC+2, Antonis Christofides a écrit :

You cannot get a file outside of your project unless you symlink it inside the project. This is also a Very Bad Thing(TM) as it may allow attackers to request arbitrary files.
You can get a file outside your project. Whether this is a bad thing or not depends on why and how. I also don't think this file should be placed in the static directory. The static directory is for files that don't change after the program is installed. The media directory might be more appropriate.

If what you are doing is to dynamically create a csv file for your user to download immediately, one possible way of doing that is (untested):

from tempfile import TemporaryFile

csvfile = TemporaryFile()
export_your_data_to_the_file(csvfile)
file_size = csvfile.tell()
csvfile.seek(0)
response = HttpResponse(csvfile.read(), content_type='text/csv')
response['Content-Disposition'] = 'attachment; filename=whateveryoulike.csv'
response['Content-Length'] = str(size)
return response

Regards,

A.

Antonis Christofides
http://djangodeployment.com
On 2017-05-02 17:53, m712 - Developer wrote:

You cannot get a file outside of your project unless you symlink it inside the project. This is also a Very Bad Thing(TM) as it may allow attackers to request arbitrary files.
What you should do instead is this:
1) Put Data/01/export.txt to the static/ folder inside your app (with the same folder structure if you need it that way)
2) Build the path to your file with /static/ as prefix, i.e. http://127.0.0.1/static/Data/01/export.txt

Tim Chase

unread,
May 3, 2017, 2:35:50 PM5/3/17
to django...@googlegroups.com
On 2017-05-02 19:11, Antonis Christofides wrote:
> response = HttpResponse(csvfile.read(), content_type='text/csv')

Beware that, if your content can get huge (some of our reports can
run to hundreds of megabytes), you might want to investigate
something like the "sendfile" alternatives or spew it out as generator
instead of doing .read() to suck the whole thing into memory.

-tkc



Dan Tagg

unread,
May 3, 2017, 3:13:36 PM5/3/17
to django...@googlegroups.com
You might want to check out WhiteNoise (https://whitenoise.readthedocs.io/en/stable/) perhaps in conjunction with a CDN

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.

To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/20170503133519.05365d67%40bigbox.christie.dr.

For more options, visit https://groups.google.com/d/optout.



--
Wildman and Herring Limited, Registered Office: Sir Robert Peel House, 178 Bishopsgate, London, United Kingdom, EC2M 4NJ, Company no: 05766374

Abraham Varricatt

unread,
May 5, 2017, 3:56:42 PM5/5/17
to Django users
That's an interesting project!

If I use WhiteNoise as part of a production deploy somewhere, can I skip (or ignore) running 'manage.py collectstatic' ?

Yours,
Abraham V.



On Wednesday, 3 May 2017 15:13:36 UTC-4, Dan Tagg wrote:
You might want to check out WhiteNoise (https://whitenoise.readthedocs.io/en/stable/) perhaps in conjunction with a CDN
On 3 May 2017 at 19:35, Tim Chase <django...@tim.thechases.com> wrote:
On 2017-05-02 19:11, Antonis Christofides wrote:
> response = HttpResponse(csvfile.read(), content_type='text/csv')

Beware that, if your content can get huge (some of our reports can
run to hundreds of megabytes), you might want to investigate
something like the "sendfile" alternatives or spew it out as generator
instead of doing .read() to suck the whole thing into memory.

-tkc



--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.

To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
Reply all
Reply to author
Forward
0 new messages