Actually, I just found out about the X-Sendfile header which I think might solve this problem. It basically allows you to set the HttpResponse content to an empty string, but the X-Sendfile header tells apache to send a file from the filesystem, so apache handles the actual serving of the file, but it still allows you to do preprocessing beforehand. I'll probably just override django.views.static.serve to support this, and use the X-Sendfile header when in production mode.
On Sat, Sep 26, 2009 at 11:16 PM, Graham Dumpleton < graham.dumple...@gmail.com> wrote: > > > > On Sep 27, 3:08 am, Ben Davis <bendavi...@gmail.com> wrote: > > I would like to be able to serve files that were uploaded via the admin > > site; for example, when someone clicks on the "Currently:" file link in > the > > changeform. However, I also have the following requirements: > > > > 1. The file should only be accessible when authenticated via django's > > auth system > > 2. Clicking the file link should not present an already authenticated > > user with another authentication challenge > > > > I'm currently using a custom FileSystemStorage location and base_url for > > files that should be only accessible via the admin. > > > > I've seen this documentation: > http://docs.djangoproject.com/en/dev/howto/apache-auth/, but it deals > with > > mod_python, and I'm using mod_wsgi, so I'm not sure if that will work. > > Also, I'm not sure if that solution meets requirement #2. > > > > Any ideas? > > The mod_wsgi equivalent of that page is at: > > http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms > > Neither will help you though as they implement Basic/Digest > authentication which is distinct from Django form/session based > authentication and would as a result prompt for credentials again. > > Graham > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
