Sends the file. This uses a server-appropriate method (such as X-Sendfile)
via the Rack::Sendfile middleware. The header to use is set via
config.action_dispatch.x_sendfile_header
. Your server can also
configure this for you by setting the X-Sendfile-Type header.
Be careful to sanitize the path parameter if it is coming from a web page.
send_file(params[:path])
allows a malicious user to download
any file on your server.
Options:
-
:filename
- suggests a filename for the browser to use. Defaults toFile.basename(path)
. -
:type
- specifies an HTTP content type. You can specify either a string or a symbol for a registered type register withMime::Type.register
, for example :json If omitted, type will be guessed from the file extension specified in:filename
. If no content type is registered for the extension, default type 'application/octet-stream' will be used. -
:disposition
- specifies whether the file will be shown inline or downloaded. Valid values are 'inline' and 'attachment' (default). -
:status
- specifies the status code to send with the response. Defaults to 200. -
:url_based_filename
- set totrue
if you want the browser guess the filename from the URL, which is necessary for i18n filenames on certain browsers (setting:filename
overrides this option).
The default Content-Type and Content-Disposition headers are set to download arbitrary binary files in as many browsers as possible. IE versions 4, 5, 5.5, and 6 are all known to have a variety of quirks (especially when downloading over SSL).
Simple download:
send_file '/path/to.zip'
Show a JPEG in the browser:
send_file '/path/to.jpeg', type: 'image/jpeg', disposition: 'inline'
Show a 404 page in the browser:
send_file '/path/to/404.html', type: 'text/html; charset=utf-8', status: 404
Read about the other Content-* HTTP headers if you'd like to provide the user with more information (such as Content-Description) in www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11.
Also be aware that the document may be cached by proxies and browsers. The Pragma and Cache-Control headers declare how the file may be cached by intermediaries. They default to require clients to validate with the server before releasing cached responses. See www.mnot.net/cache_docs/ for an overview of web caching and www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9 for the Cache-Control header spec.
Please login to continue.