Module | ActionController::Streaming |
In: |
lib/action_controller/streaming.rb
|
Methods for sending arbitrary data and for streaming files to the browser, instead of rendering.
DEFAULT_SEND_FILE_OPTIONS | = | { :type => 'application/octet-stream'.freeze, :disposition => 'attachment'.freeze, :stream => true, :buffer_size => 4096, :x_sendfile => false |
X_SENDFILE_HEADER | = | 'X-Sendfile'.freeze |
Sends the given binary data to the browser. This method is similar to render :text => data, but also allows you to specify whether the browser should display the response as a file attachment (i.e. in a download dialog) or as inline data. You may also set the content type, the apparent file name, and other things.
Options:
Generic data download:
send_data buffer
Download a dynamically-generated tarball:
send_data generate_tgz('dir'), :filename => 'dir.tgz'
Display an image Active Record in the browser:
send_data image.data, :type => image.content_type, :disposition => 'inline'
See send_file for more information on HTTP Content-* headers and caching.
Tip: if you want to stream large amounts of on-the-fly generated data to the browser, then use render :text => proc { … } instead. See ActionController::Base#render for more information.
Sends the file, by default streaming it 4096 bytes at a time. This way the whole file doesn‘t need to be read into memory at once. This makes it feasible to send even large files. You can optionally turn off streaming and send the whole file at once.
Be careful to sanitize the path parameter if it is coming from a web page. send_file(params[:path]) allows a malicious user to download any file on your server.
Options:
The default Content-Type and Content-Disposition headers are set to download arbitrary binary files in as many browsers as possible. IE versions 4, 5, 5.5, and 6 are all known to have a variety of quirks (especially when downloading over SSL).
Simple download:
send_file '/path/to.zip'
Show a JPEG in the browser:
send_file '/path/to.jpeg', :type => 'image/jpeg', :disposition => 'inline'
Show a 404 page in the browser:
send_file '/path/to/404.html', :type => 'text/html; charset=utf-8', :status => 404
Read about the other Content-* HTTP headers if you‘d like to provide the user with more information (such as Content-Description) in www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11.
Also be aware that the document may be cached by proxies and browsers. The Pragma and Cache-Control headers declare how the file may be cached by intermediaries. They default to require clients to validate with the server before releasing cached responses. See www.mnot.net/cache_docs/ for an overview of web caching and www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9 for the Cache-Control header spec.