Advanced Rails - Building Industrial-Strength Web Apps in Record Time


106 | Chapter 4: Database


From Rails, you can set the response headers by modifying the response.headers
hash:


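# Path the front-end web server should read and stream to the client
response.headers['X-Sendfile'] = file_path
response.headers['Content-Type'] = 'application/octet-stream'
# The Content-Disposition parameter that names the download is "filename"
response.headers['Content-Disposition'] = "attachment; filename=\"#{file_name}\""
# Header values are strings
response.headers['Content-Length'] = File.size(file_path).to_s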

Web server configuration


Of course, the front-end web server must be properly configured to recognize and
process the X-Sendfile header. Mongrel does not support X-Sendfile, as it assumes
you will proxy to it from a server more capable of serving static content.


If you are using Lighttpd, it has X-Sendfile support built in. For Lighttpd/FastCGI,
just enable the allow-x-send-file option in the server configuration:


fastcgi.server = (
  ".fcgi" => (
    "localhost" => (
      ...
      "allow-x-send-file" => "enable",
      ...
    )
  )
)

If you are using Apache 2, things are a little more complicated (although not by
much). You have to install the mod_xsendfile module* into Apache. There are two
configuration flags, both accepting on/off values, which can then be used to control
X-Sendfile behavior:


XSendFile
Determines whether the X-Sendfile header is processed at all.


XSendFileAllowAbove
Determines whether that header can send files above the path of the request. It
defaults to off for security reasons.


Both of these configuration options can be used in any configuration context, down
to the .htaccess file (per-directory). Best practice dictates that you should only
specify XSendFile on in the narrowest possible context. Having X-Sendfile unnecessarily
enabled is a security risk, as it allows a server application to send any file that the
web server can access to the client.
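
Because the web server will stream whatever path the application puts in the X-Sendfile header, the application should confine that path itself. The following is an added example, not code from the book: a Ruby helper that resolves a requested name against a single download directory and refuses anything that ends up outside it. The names xsendfile_headers, SendfileError and demo_results, and the sample file tree, are hypothetical and constructed for illustration.

```ruby
require 'pathname'
require 'tmpdir'
require 'fileutils'

class SendfileError < StandardError; end

# Hypothetical helper (not from the book): return X-Sendfile headers only for
# a regular file that really lives under download_root.
def xsendfile_headers(download_root, requested_name)
  root = Pathname.new(download_root).realpath
  begin
    # realpath collapses ".." and follows symlinks; it raises if nothing is there.
    # ArgumentError covers names containing a NUL byte.
    target = root.join(requested_name).realpath
  rescue SystemCallError, ArgumentError
    raise SendfileError, 'no such file'
  end
  inside = target.to_s.start_with?(root.to_s + File::SEPARATOR)
  raise SendfileError, 'outside download root' unless inside && target.file?

  # Keep quotes and control characters out of the header value
  safe_name = target.basename.to_s.gsub(/[^\w.\-]/, '_')
  {
    'X-Sendfile'          => target.to_s,
    'Content-Type'        => 'application/octet-stream',
    'Content-Disposition' => "attachment; filename=\"#{safe_name}\"",
    'Content-Length'      => target.size.to_s
  }
end

# Constructed sample tree: one legitimate download, one sensitive file outside
# the root, and a symlink inside the root that points at the sensitive file.
def demo_results
  Dir.mktmpdir do |tmp|
    root = File.join(tmp, 'downloads')
    FileUtils.mkdir_p(root)
    File.write(File.join(root, 'report.pdf'), 'ok')
    File.write(File.join(tmp, 'database.yml'), 'password: x')
    File.symlink(File.join(tmp, 'database.yml'), File.join(root, 'link.pdf'))
    names = ['report.pdf', '../database.yml', 'link.pdf',
             File.join(tmp, 'database.yml'), 'missing.pdf']
    names.map do |name|
      begin
        xsendfile_headers(root, name)['Content-Disposition']
      rescue SendfileError => e
        e.message
      end
    end
  end
end

p demo_results if __FILE__ == $PROGRAM_NAME
```

Only the first request yields headers; the relative traversal, the symlink and the absolute path are all rejected after resolution, which is why the check compares real paths rather than the raw string.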


To my knowledge, there is no way to use X-Sendfile on Apache 1.3 at this time.


*http://celebnamer.celebworld.ws/stuff/mod_xsendfile/
