Where to put PDF files + how to authenticate the urls requesting them


Loai Ghoraba

Nov 28, 2012, 5:51:18 AM
to Django users
Hi

I have a little question: First, I am hosting my PDF files within the
/static directory (as my understanding is that they are static files),
so is this the correct way to host PDF files and downloadable files
generally?

Second: Only authenticated users may view the links for those PDF
files, but what if someone knows the URL of the files? He can just
get them. So how to authenticate a URL call to a static file?

Thanks a lot

Javier Guerra Giraldez

Nov 28, 2012, 10:03:34 AM
to django...@googlegroups.com
I asked mostly the same thing in StackOverflow a few years ago:

http://stackoverflow.com/questions/263122/custom-http-headers-for-static-files-with-django

The idea is to handle the request with Django, then you can validate
permissions, set headers (for the download name, for example) but
instead of serving the data, you add an extra header
(X-Accel-Redirect for nginx) that tells the server to add the file
content.

I think there are a couple of Django apps that help with that, while also
abstracting the differences between servers.

--
Javier

Javier Guerra Giraldez

Nov 28, 2012, 10:08:11 AM
to django...@googlegroups.com
On Wed, Nov 28, 2012 at 10:03 AM, Javier Guerra Giraldez
<jav...@guerrag.com> wrote:
> I think there are a couple Django apps that help with that, while also
> abstracting the differences between servers.

found these:

https://gist.github.com/1776202
https://github.com/johnsensible/django-sendfile


--
Javier

Loai Ghoraba

Nov 28, 2012, 1:27:09 PM
to django...@googlegroups.com
Thanks for the reply, but I am still new to the web technology world, so I would like to fully use Django now before moving to other ways to host my files.
Actually I am totally new to serving stuff, so if there is some best practice or that my way is totally wrong, please tell me.

So in short: is there a way to provide some kind of authentication against /static/whatever URLs? Because I want Django to host the file now.
Also, assuming I found some way to do this, Django says that to mark a file as downloadable, we can do this:


>>> response = HttpResponse(my_data, content_type='application/vnd.ms-excel')
>>> response['Content-Disposition'] = 'attachment; filename="foo.xls"'

Now what is the type of my_data? Any file object?

Thanks a lot.

Tom Evans

Nov 29, 2012, 6:15:35 AM
to django...@googlegroups.com
On Wed, Nov 28, 2012 at 6:27 PM, Loai Ghoraba <loai...@gmail.com> wrote:
> Thanks for the reply, but I am still new to the web technology world, so I
> would like to fully use Django now before moving to other ways to host
> my files.
> Actually I am totally new to serving stuff, so if there is some best
> practice or that my way is totally wrong, please tell me.
>
> So in short: is there a way to provide some kind of authentication against
> /static/whatever URLs? Because I want Django to host the file now.
> Also, assuming I found some way to do this, Django says that to mark a file
> as downloadable, we can do this:
>
> https://docs.djangoproject.com/en/dev/ref/request-response/#telling-the-browser-to-treat-the-response-as-a-file-attachment
>
> >>> response = HttpResponse(my_data, content_type='application/vnd.ms-excel')
> >>> response['Content-Disposition'] = 'attachment; filename="foo.xls"'
>
>
> Now what is the type of my_data? Any file object?
>

A string, or any file-like object - it's just like any HttpResponse.

You do not want to do this though, using Django to download static
files is very wasteful. Others have pointed out solutions where you
use Django to authenticate the request, and then instruct your web
server (e.g. Apache, nginx) to serve the correct file, which will be an
order of magnitude more efficient.

Django is never served by itself, there should always be a real web
server in front of it.

Cheers

Tom

Loai Ghoraba

Nov 29, 2012, 6:30:57 AM
to django...@googlegroups.com
I am still new to serving stuff (in fact I know barely anything about it :)) Then you instruct to have something like this

        url(r'^media/(?P<path>.*)$', 'myview.func', {
            'document_root': MEDIA_ROOT,
        }),

and my func has the instructions to the real web servers?

And another question: Does this also apply to light static files like CSS and JavaScript?

Thanks a lot



Tom Evans

Nov 29, 2012, 6:44:52 AM
to django...@googlegroups.com
On Thu, Nov 29, 2012 at 11:30 AM, Loai Ghoraba <loai...@gmail.com> wrote:
> I am still new to serving stuff (in fact I know barely anything about it :))
> Then you instruct to have something like this
>
>         url(r'^media/(?P<path>.*)$', 'myview.func', {
>             'document_root': MEDIA_ROOT,
>         }),
>
> and my func has the instructions to the real web servers?

Read up on X-Sendfile and if anything doesn't make sense, ask some
questions on here.

http://stackoverflow.com/questions/7296642/django-understanding-x-sendfile

>
> And another question: Does this also apply to light static files like CSS
> and JavaScript?

It applies to any file you want to control access to via Django.

Cheers

Tom
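
The hand-off described in the replies above (the application checks the login, then names the file in a header and lets the front-end server send it), as an added example that is not part of the original thread. It is framework-free so it runs without Django; the `/protected/` internal nginx location, the `is_authenticated` flag and both function names are assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumptions (not from the thread): nginx has a location /protected/ marked
# `internal` and aliased to the PDF directory, and is_authenticated stands in
# for the login check a Django view would make on request.user.
INTERNAL_PREFIX = "/protected/"
SAFE_CHARS = re.compile(r"[A-Za-z0-9._/-]+")


def safe_relative_path(requested):
    """Return a normalized relative .pdf path, or None if it is not acceptable."""
    path = unquote(requested)
    # The allowlist also rejects NUL, backslashes, quotes, CR/LF and leftover
    # percent signs, so the value is safe to place in a response header.
    if not SAFE_CHARS.fullmatch(path) or path.startswith("/"):
        return None
    normalized = posixpath.normpath(path)
    if normalized == ".." or normalized.startswith("../"):
        return None  # would climb out of the protected directory
    if not normalized.lower().endswith(".pdf"):
        return None
    return normalized


def download_response(is_authenticated, requested):
    """Build (status, headers, body) for a request to a protected file."""
    if not is_authenticated:
        return "403 Forbidden", [("Content-Type", "text/plain")], b"login required"
    rel = safe_relative_path(requested)
    if rel is None:
        return "404 Not Found", [("Content-Type", "text/plain")], b"not found"
    headers = [
        ("Content-Type", "application/pdf"),
        ("Content-Disposition", 'attachment; filename="%s"' % posixpath.basename(rel)),
        # nginx intercepts this header and sends the file itself; the header
        # never reaches the browser and /protected/ cannot be requested directly.
        ("X-Accel-Redirect", INTERNAL_PREFIX + rel),
    ]
    return "200 OK", headers, b""  # empty body: the front-end server fills it in
```

The files have to live outside the publicly served /static directory for this to help; otherwise the direct URL still works without any login.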

Loai Ghoraba

Nov 29, 2012, 7:22:00 AM
to django...@googlegroups.com
I read it and it seems nice, I will further read about the topic

Thanks a lot for the help :)

