Django: Getting Started Transcripts
Chapter: Deploying Django Webapps
Lecture: Protecting media files
0:00
The simplest configuration for media files is for them to be served by the web server
0:05
and with the right settings you just need to point it to a directory. This mechanism means that anyone with the URL
0:11
will be able to get at all the files though. There are a couple ways of making this more restricted.
0:17
You can write a view that does permission controls and then, instead of rendering templates, returns the binary file.
0:24
But then you're using Django to serve the media content instead of the web server. It isn't really optimized for this.
0:32
There is an alternative but it depends on what web server you're using.
0:36
There's a specific way to write a view that returns an almost empty response with just a specific HTTP header set.
0:44
The web server sees this header and intercepts it. It doesn't get sent down to the browser; instead, it uses the header to look for
0:51
the appropriate file and serve it from a protected location. You're still writing a view, but now all the view has to do is return a header.
0:59
The web server takes care of the rest. Your view can have all the permission and validation code you need to protect the file
1:06
without having to worry about serializing the media file to the user. The header is server specific. In Apache, it's called X-Sendfile and in nginx,
1:17
it is X-Accel-Redirect. Details about this are beyond the scope of this course, but a little googling will get you there, or you can do the best thing,
1:27
depend on someone else's code. There are third-party libraries that handle all of this, one of which is called Django Protected Files.