[Answered] Why does my Django allow downloading files outside of the static folder?

1👍

According to the official docs: how to manage static files:

In addition to these configuration steps, you’ll also need to actually serve the static files.

During development, if you use django.contrib.staticfiles, this will be done automatically by runserver when DEBUG is set to True (see django.contrib.staticfiles.views.serve()).

This method is grossly inefficient and probably insecure, so it is unsuitable for production.

That being said, no one cares about the security of serving static files in Django and you shouldn't be using it in production. Use a dedicated server to serve static files; see how to deploy static files in production.

👤YwH
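The "probably insecure" warning in the answer above is about the development server skipping the hardening a real static-file server does. As an added example (written for this page; it is not Django's own `serve()` view and not code from the answer), the following shows the containment check any static-file server must perform before opening a file: decode the URL path once, normalise `..` segments, resolve symlinks, and refuse anything whose real path lands outside the configured root. `STATIC_ROOT`, `resolve_static_path`, `audit` and the sample request paths are all assumptions made for the demonstration.

```python
import os
import posixpath
from urllib.parse import unquote

# Hypothetical static root for the demonstration (assumption, not the
# asker's real layout).
STATIC_ROOT = "/app/staticfiles"


class SuspiciousPath(Exception):
    """Raised when a request path would resolve outside the static root."""


def resolve_static_path(static_root: str, request_path: str) -> str:
    """Map a URL path such as 'css/../base.css' to a filesystem path under
    static_root, refusing anything that escapes it."""
    # Decode percent-encoding once so '%2e%2e' is seen as '..'.
    decoded = unquote(request_path)
    # NUL bytes can truncate the path inside the OS call; refuse them outright.
    if "\x00" in decoded:
        raise SuspiciousPath(request_path)
    # Treat backslashes as separators (conservative), collapse '.' and '..',
    # and drop any leading '/' so the path is always relative to the root.
    normalized = posixpath.normpath(decoded.replace("\\", "/")).lstrip("/")
    if normalized in ("", ".", "..") or normalized.startswith("../"):
        raise SuspiciousPath(request_path)
    root = os.path.realpath(static_root)
    candidate = os.path.realpath(os.path.join(root, *normalized.split("/")))
    # realpath follows symlinks, so a link inside the tree that points at
    # /etc is caught here too, not only textual '..' sequences.
    if os.path.commonpath([root, candidate]) != root:
        raise SuspiciousPath(request_path)
    return candidate


def audit(static_root, request_paths):
    """Return (request_path, 'ok' | 'rejected') for each request path."""
    results = []
    for path in request_paths:
        try:
            resolve_static_path(static_root, path)
            results.append((path, "ok"))
        except SuspiciousPath:
            results.append((path, "rejected"))
    return results


if __name__ == "__main__":
    # Constructed sample requests, including the traversal attempts a
    # static-file server must refuse.
    samples = [
        "base.css",
        "css/../base.css",
        "../settings.py",
        "css/..%2F..%2Fetc/passwd",
        "%2e%2e/%2e%2e/etc/passwd",
        "/etc/passwd",
    ]
    for path, verdict in audit(STATIC_ROOT, samples):
        print(f"{verdict:8} {path}")
```

Note that a leading slash is stripped rather than treated as an absolute path, so `/etc/passwd` becomes `etc/passwd` under the root and is harmless; the only paths that are refused are those whose resolved location is outside the root.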

0👍

There seems to be a typo here?

TEMPLATES = TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': ["templates"],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
]

It should just have one word TEMPLATES and DIRS should be an ABSOLUTE path like this:

import os  # needed for os.path.join below

TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        # Absolute path built from BASE_DIR, which settings.py already defines
        'DIRS': [os.path.join(BASE_DIR, "templates"),],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
]

In production, you can use Nginx to deploy your app and if set up correctly, all the paths that are not declared in urls.py should be denied.

Hope that helps.

👤Phan

0👍

You didn’t configure static files settings properly for production. You should serve static files directly in Nginx.

nginx config:

server {
    ....
    # Requests under /static/ are served straight from disk; with alias,
    # /static/base.css maps to /app/staticfiles/base.css
    location /static/ {
        alias /app/staticfiles/;
    }
}

When a request is sent to /static/ (e.g., /static/base.css), Nginx will attempt to serve the file from the "/app/staticfiles/" folder.

links for more info:
https://docs.djangoproject.com/en/4.0/ref/contrib/staticfiles/
https://testdriven.io/blog/django-static-files/

0👍

The built-in static file server is not intended for production use, so it makes no effort to deal with security issues like the one you mention. Normally, static files are not served by any Python application; static files are typically offloaded to a server or service specialized for serving static files, such as a traditional web server (Apache, NGINX, etc.) or a CDN (Cloudflare, CloudFront, Azure Front Door, etc.). This is described in the Django docs.

If you don’t have a CDN and don’t want to use a separate server for static files and you must use your Python application to serve static files, you can use the whitenoise middleware in your Django project instead.

Install the package:

pip install whitenoise

Then add it to your project:

MIDDLEWARE = [
    # ...
    "django.middleware.security.SecurityMiddleware",
    "whitenoise.middleware.WhiteNoiseMiddleware",
    # ...
]

And remove the STATICFILES_FINDERS setting you have currently.

Check the whitenoise docs for more information and configuration options.

👤sytech
