[Django]-Django: Password protect photo url's?

6👍

Use X-Sendfile headers to tell your front end server what file to actually server.

@check_permissions
def image(request):
    response = HttpResponse(mimetype='image/png')    
    response['X-Sendfile'] = "/real/path/to/image.png"
    return response

Here is a related question. You can also see a real world implementation by looking at how Satchmo serves DownloadableProduct objects.

One final note, nginx and lighttpd use X-Accel-Redirect and X-LIGHTTPD-send-file instead of X-Sendfile.

2👍

You can do this by creating a HttpResponse with the mime type of the image and then writes/copies the image file to it.

A simple version could look like the following:

from django.http import HttpResponse

@your_favourite_permission_decorator
def image(request):
    response = HttpResponse(mimetype='image/png')

    with open("image.png") as img:
        response.write(img.read())
    return response

Also, see this example for PDF files and this example with PIL.

0👍

If it was Apache server with mod_python, this could potentially be an interesting article about Apache using Django’s authentication system.

Leave a comment