Dancer::send_file() gives a "No such file" error if you pass it an absolute path or one that is not directly relative to $pubdir. I'm using send_file() to send dynamically generated PDF files to the client from behind pretty routes. That is, I want '/pdf/foo.pdf' to generate and send: /home/me/app/pdfbuild/foo-$user-$yymmdd-$hhmmss.pdf The generated PDF file has the user name in it so that other users don't clobber each others' generated PDFs. The file name contains a timestamp because the data that goes into the PDF changes frequently, so a second access of the URL needs to re-generate the PDF. Because of all this dynamic generation, I'm doing the background work in this pdfbuild directory, because I don't want to expose the intermediate files. I've fixed this by putting the intermediate files in pdfbuild and the final output PDF in .../pdfbuild/../public/pdf but this effectively exposes all generated PDFs: any user can pull up any other user's dynamic PDF if they know another user name and can make sensible guesses about the timestamp. Obviously I could add a nonce to the file name to make guessing impossible, but that's solving the symptom, rather than attacking the actual source of the problem. Why doesn't send_file() just return a binary blob to Dancer, which it recognizes and inserts literally into the response content body? Why does it care where on the filesystem that data comes from?