def raw_file(request, attachment_id, filename):
"""
Serve up an attachment's file.
"""
qs = Attachment.objects.select_related('current_revision')
attachment = get_object_or_404(qs, pk=attachment_id)
if attachment.current_revision is None:
raise Http404
if is_untrusted(request):
rev = attachment.current_revision
if settings.DEBUG:
# to work around an issue of the localdevstorage with streamed
# files we'll have to read some of the file here first
rev.file.read(rev.file.DEFAULT_CHUNK_SIZE)
response = StreamingHttpResponse(rev.file, content_type=rev.mime_type)
try:
response['Content-Length'] = rev.file.size
except OSError:
pass
response['Last-Modified'] = convert_to_http_date(rev.created)
response['X-Frame-Options'] = 'ALLOW-FROM %s' % settings.DOMAIN
return response
return redirect(attachment.get_file_url(), permanent=True)
def raw_file(request, attachment_id, filename):
"""
Serve up an attachment's file.
"""
qs = Attachment.objects.select_related("current_revision")
attachment = get_object_or_404(qs, pk=attachment_id)
rev = attachment.current_revision
if rev is None:
raise Http404
# Attachments must be served from safe (untrusted) domains
if not is_untrusted(request):
return redirect(attachment.get_file_url(), permanent=True)
# NOTE: All of this, just to support conditional requests (last-modified / if-modified-since)
# Very important while we're potentially serving attachments from disk.
# Far less important when we're just redirecting to S3.
# Consider removing?
if_modified_since = parse_http_date_safe(
request.META.get("HTTP_IF_MODIFIED_SINCE"))
if if_modified_since and if_modified_since >= calendar.timegm(
rev.created.utctimetuple()):
response = HttpResponseNotModified()
response["Last-Modified"] = convert_to_http_date(rev.created)
return response
if settings.ATTACHMENTS_USE_S3:
response = redirect(rev.file.url)
else:
response = StreamingHttpResponse(rev.file, content_type=rev.mime_type)
response["Content-Length"] = rev.file.size
response["Last-Modified"] = convert_to_http_date(rev.created)
response["X-Frame-Options"] = f"ALLOW-FROM {settings.DOMAIN}"
return response
def raw_file(request, attachment_id, filename):
"""
Serve up an attachment's file.
"""
qs = Attachment.objects.select_related('current_revision')
attachment = get_object_or_404(qs, pk=attachment_id)
if attachment.current_revision is None:
raise Http404
if is_untrusted(request):
rev = attachment.current_revision
if settings.DEBUG:
# to work around an issue of the localdevstorage with streamed
# files we'll have to read some of the file here first
rev.file.read(rev.file.DEFAULT_CHUNK_SIZE)
response = StreamingHttpResponse(rev.file, content_type=rev.mime_type)
try:
response['Content-Length'] = rev.file.size
except OSError:
pass
response['Last-Modified'] = convert_to_http_date(rev.created)
response['X-Frame-Options'] = 'ALLOW-FROM %s' % settings.DOMAIN
return response
return redirect(attachment.get_file_url(), permanent=True)
def raw_file(request, attachment_id, filename):
"""
Serve up an attachment's file.
"""
qs = Attachment.objects.select_related('current_revision')
attachment = get_object_or_404(qs, pk=attachment_id)
if attachment.current_revision is None:
raise Http404
if is_untrusted(request):
rev = attachment.current_revision
response = StreamingHttpResponse(rev.file, content_type=rev.mime_type)
response['Content-Length'] = rev.file.size
response['Last-Modified'] = convert_to_http_date(rev.created)
response['X-Frame-Options'] = 'ALLOW-FROM %s' % settings.DOMAIN
return response
return redirect(attachment.get_file_url(), permanent=True)
def raw_file(request, attachment_id, filename):
"""
Serve up an attachment's file.
"""
qs = Attachment.objects.select_related('current_revision')
attachment = get_object_or_404(qs, pk=attachment_id)
if attachment.current_revision is None:
raise Http404
if is_untrusted(request):
rev = attachment.current_revision
response = StreamingHttpResponse(rev.file, content_type=rev.mime_type)
response['Content-Length'] = rev.file.size
response['Last-Modified'] = convert_to_http_date(rev.created)
response['X-Frame-Options'] = 'ALLOW-FROM %s' % settings.DOMAIN
return response
return redirect(attachment.get_file_url(), permanent=True)
