How can I use X-Sendfile in my Rails app?

September 5, 2006 Link to post  Permalink

Lighttpd, apache and mongrel have the ability to have a Rails application tell the server to send a file from the filesystem. This can be used to provide high speed serving of files by the server, but still allow the app to have some control over what’s served.

Here’s a good description of the Apache module that can do this.

All of the samples show code that look like this (this one’s in PHP):

 1?php
 2...
 3if ($user->isLoggedIn())
 4{
 5    header("X-Sendfile: $somefile");
 6    header("Content-Type: application/octet-stream");
 7    header("Content-Disposition: attachment; file=\"$somefile\"");
 8    exit;
 9}
10?>
11<h1>Permission denied</h1>
12<p>Login first!</p>

My question is – how can my app make use of this cool functionality?

Here’s my problem. For each of the servers, the x-sendfile header is disabled by default, since a bad app can send any file on the file system. However, if this is disabled, then my user will see nothing when I return an x-sendfile header!

Here’s the code I’d like to be able to write:

1 if request.headers['x-sendfile-enabled']
2    response.headers['x-sendfile'] = my_file_to_send
3  else
4    send_file my_file_to_send
5  end

This allows me to use the speedy code path when its available, but if it’s not available for whatever reason my user still gets the file.

I could try to keep duplicate configuration in sync between my app and the web server, but this is prone to error.

Anyone know if I’m missing something here?