module ActionController::Streaming
def send_file(path, options = {}) #:doc:
for the Cache-Control header spec.
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9
http://www.mnot.net/cache_docs/ for an overview of web caching and
the server before releasing cached responses. See
by intermediaries. They default to require clients to validate with
The Pragma and Cache-Control headers declare how the file may be cached
Also be aware that the document may be cached by proxies and browsers.
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11.
provide the user with more information (such as Content-Description) in
Read about the other Content-* HTTP headers if you'd like to
send_file '/path/to/404.html', :type => 'text/html; charset=utf-8', :status => 404
Show a 404 page in the browser:
send_file '/path/to.jpeg', :type => 'image/jpeg', :disposition => 'inline'
Show a JPEG in the browser:
send_file '/path/to.zip'
Simple download:
a variety of quirks (especially when downloading over SSL).
possible. IE versions 4, 5, 5.5, and 6 are all known to have
set to download arbitrary binary files in as many browsers as
The default Content-Type and Content-Disposition headers are
(setting :filename overrides this option).
the URL, which is necessary for i18n filenames on certain browsers
* :url_based_filename - set to +true+ if you want the browser guess the filename from
* :status - specifies the status code to send with the response. Defaults to '200 OK'.
Valid values are 'inline' and 'attachment' (default).
* :disposition - specifies whether the file will be shown inline or downloaded.
either a string or a symbol for a registered type register with Mime::Type.register, for example :json
* :type - specifies an HTTP content type. Defaults to 'application/octet-stream'. You can specify
Defaults to File.basename(path).
* :filename - suggests a filename for the browser to use.
Options:
download any file on your server.
page. send_file(params[:path]) allows a malicious user to
Be careful to sanitize the path parameter if it is coming from a web
Your server can also configure this for you by setting the X-Sendfile-Type header.
config.action_dispatch.x_sendfile_header, and defaults to "X-Sendfile".
via the Rack::Sendfile middleware. The header to use is set via
Sends the file. This uses a server-appropriate method (such as X-Sendfile)
def send_file(path, options = {}) #:doc: raise MissingFile, "Cannot read file #{path}" unless File.file?(path) and File.readable?(path) options[:filename] ||= File.basename(path) unless options[:url_based_filename] send_file_headers! options if options[:x_sendfile] ActiveSupport::Deprecation.warn(":x_sendfile is no longer needed in send_file", caller) end self.status = options[:status] || 200 self.content_type = options[:content_type] if options.key?(:content_type) self.response_body = File.open(path, "rb") end