Module | ActionController::Streaming |
In: |
lib/action_controller/streaming.rb
|
Methods for sending files and streams to the browser instead of rendering.
DEFAULT_SEND_FILE_OPTIONS | = | { :type => 'application/octet-stream'.freeze, :disposition => 'attachment'.freeze, :stream => true, :buffer_size => 4096, :x_sendfile => false |
X_SENDFILE_HEADER | = | 'X-Sendfile'.freeze |
Send binary data to the user as a file download. May set content type, apparent file name, and specify whether to show data inline or download as an attachment.
Options:
Generic data download:
send_data buffer
Download a dynamically-generated tarball:
send_data generate_tgz('dir'), :filename => 'dir.tgz'
Display an image Active Record in the browser:
send_data image.data, :type => image.content_type, :disposition => 'inline'
See send_file for more information on HTTP Content-* headers and caching.
Sends the file by streaming it 4096 bytes at a time. This way the whole file doesn‘t need to be read into memory at once. This makes it feasible to send even large files.
Be careful to sanitize the path parameter if it coming from a web page. send_file(params[:path]) allows a malicious user to download any file on your server.
Options:
The default Content-Type and Content-Disposition headers are set to download arbitrary binary files in as many browsers as possible. IE versions 4, 5, 5.5, and 6 are all known to have a variety of quirks (especially when downloading over SSL).
Simple download:
send_file '/path/to.zip'
Show a JPEG in the browser:
send_file '/path/to.jpeg', :type => 'image/jpeg', :disposition => 'inline'
Show a 404 page in the browser:
send_file '/path/to/404.html', :type => 'text/html; charset=utf-8', :status => 404
Read about the other Content-* HTTP headers if you‘d like to provide the user with more information (such as Content-Description) in www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11.
Also be aware that the document may be cached by proxies and browsers. The Pragma and Cache-Control headers declare how the file may be cached by intermediaries. They default to require clients to validate with the server before releasing cached responses. See www.mnot.net/cache_docs/ for an overview of web caching and www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9 for the Cache-Control header spec.