Is there a way to protect a file in the public directory with Dancer2? In Dancer I was using before_file_render hook to achieve that. before_file_render is still present in Dancer2::Handler::File, but It doesn't work out of box for me. Thank you
On Sun, 2015-09-27 at 18:06 +0200, Alex Mestiashvili wrote:
Is there a way to protect a file in the public directory with Dancer2?
I think the answer is probably "don't put it in the public area". If it's not for public consumption, I suggest you use send_file in a route instead.
In Dancer I was using before_file_render hook to achieve that. before_file_render is still present in Dancer2::Handler::File, but It doesn't work out of box for me.
Because it is assumed that anything in the public area is exactly that, the files are sent as quickly as possible, without wasting time in hooks etc. I think there was some info on these changes in the Perl Advent Calendar. Andy
Thank you for the hint, I think I found this advent: http://advent.perldancer.org/2014/6 . Can I use send_file together with a template ? Let's say I want to render html with an image, but I want to make the image available only if logged_in_user(); If it doesn't work with the send_file, the only way I see is to create a random, temporary symlinks in public pointing to the "not public" files which will be valid during the session and removed after the session is destroyed. And use these temporary locations to render the protected images the usual way. Any other ideas ? Thank you, Alex On Sun, Sep 27, 2015 at 6:17 PM, Andrew Beverley <andy@andybev.com> wrote:
On Sun, 2015-09-27 at 18:06 +0200, Alex Mestiashvili wrote:
Is there a way to protect a file in the public directory with Dancer2?
I think the answer is probably "don't put it in the public area".
If it's not for public consumption, I suggest you use send_file in a route instead.
In Dancer I was using before_file_render hook to achieve that. before_file_render is still present in Dancer2::Handler::File, but It doesn't work out of box for me.
Because it is assumed that anything in the public area is exactly that, the files are sent as quickly as possible, without wasting time in hooks etc.
I think there was some info on these changes in the Perl Advent Calendar.
Andy
_______________________________________________ dancer-users mailing list dancer-users@dancer.pm http://lists.preshweb.co.uk/mailman/listinfo/dancer-users
Hi! 2015-09-27 22:03 GMT+03:00 Alex Mestiashvili <mailatgoogl@gmail.com>:
Can I use send_file together with a template ? Let's say I want to render html with an image,
Serving HTML and image for this HTML-page are 2 separate requests, you can't send them together. Using send_file seems not appropriate, because it sets Content-disposition-header. Which means: browser downloads a file, but you want to show it inside HTML.
Any other ideas ?
For example, you may link this images directory symbolically into session-named directory and use this name as prefix in your template. Another way (my preference) is to use some Plack middleware for authorization and use it as gatekeeper which makes sure, that some directories (or just files) are accessible only to certain (logged in) users. Wbr, -- Kõike hääd, Gunnar
Can I use send_file together with a template ? Let's say I want to render html with an image,
Serving HTML and image for this HTML-page are 2 separate requests, you can't send them together.
Using send_file seems not appropriate, because it sets Content-disposition-header. Which means: browser downloads a file, but you want to show it inside HTML.
I see, that's what I was suspecting.
Any other ideas ?
For example, you may link this images directory symbolically into session-named directory and use this name as prefix in your template.
This sounds as the solution for me, though it is not that flexible as the before hook. Alternatively I can switch to Dancer 1:)
Another way (my preference) is to use some Plack middleware for authorization and use it as gatekeeper which makes sure, that some directories (or just files) are accessible only to certain (logged in) users.
I use Dancer2::Plugin::Auth::Extensible and switching to another authentication will make the whole thing more complicated, so for now I'll try to play with symlinks. Thank you for your help.
participants (3)
-
Alex Mestiashvili -
Andrew Beverley -
WK