Individual file
It is possible to serve static files with a custom path pattern and NamedFile
. To match a path tail, we can use a [.*]
regex.
Matching a path tail with the [.*]
regex and using it to return a NamedFile
has serious security implications.
It offers the possibility for an attacker to insert ../
into the URL and access every file on the host that the user running the server has access to.
Directory
To serve files from specific directories and sub-directories, Files
can be used. Files
must be registered with an App::service()
method, otherwise it will be unable to serve sub-paths.
By default files listing for sub-directories is disabled. Attempt to load directory listing will return 404 Not Found response. To enable files listing, use Files::show_files_listing()
method.
Instead of showing files listing for a directory, it is possible to redirect to a specific index file. Use the Files::index_file()
method to configure this redirect.
Configuration
NamedFiles
can specify various options for serving files:
set_content_disposition
- function to be used for mapping file's mime to correspondingContent-Disposition
typeuse_etag
- specifies whetherETag
shall be calculated and included in headers.use_last_modified
- specifies whether file modified timestamp should be used and added toLast-Modified
header.
All of the above methods are optional and provided with the best defaults, But it is possible to customize any of them.
The Configuration can also be applied to directory service: