Django：阻止直接访问文件 [英] Django: preventing direct access to files

问题描述

我想从我的网页目录的根目录下动态地提供文件。目前，我正在为所有文件提供静态的，我只是为了包含我的javascripts和css文件。我意识到这可能是愚蠢的，但我无法以其他方式提供文件！

I want to serve files dynamically from behind the root of my web directory. Currently I'm serving all the files statically which I did just in order to include my javascripts and css files. I realize this is probably dumb but I'm not able to serve files any other way!

所以，我想要动态地提供文件，没有用户可以访问另一次只是使用一个网址。

So, I want to serve files dynamically, without the user being able access at another time just by using a url.

我的设置

ADMIN_MEDIA_PREFIX = '/media/'
MEDIA_ROOT = os.path.join( APP_DIR, 'site_media' )
MEDIA_URL = 'http://localhost:8000/site_media/'

我的URLS

( r'^site_media/(?P<path>.*)$', 'django.views.static.serve', { 'document_root': settings.MEDIA_ROOT } )

谢谢！

推荐答案

动态是什么意思？你想要实现什么？你想控制对这些文件的访问吗？

What do you mean by "dynamically"? What is it that you're trying to achieve? Do you want to control access to the files?

如果你想运行一些Django视图来决定用户是否被允许访问该文件，你可以使用sendfile。有关如何设置正确标题的代码，请参阅以下代码段： http://djangosnippets.org/snippets/2226/

If you want to run some Django-view that decides whether the user is allowed access to the file or not, you can use sendfile. See the following snippet for code on how to set the correct headers: http://djangosnippets.org/snippets/2226/

您的网络服务器还需要支持这个标题，至少与我合作过的apache和nginx。

Your webserver also needs to support this header, at least apache and nginx which I've worked with does.

您还需要考虑如何存储和分发文件，因为运行Web服务器的服务器需要访问文件。这将取决于您的设置。

You also need to think about how to store and distribute the files as the server that is running the webserver needs access to the files. This will depend on your setup.

这篇关于Django：阻止直接访问文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！