File: //opt/cpanel/ea-ruby27/root/usr/share/gems/doc/rack-2.2.20/rdoc/Rack/Sendfile.html
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>class Rack::Sendfile - rack-2.2.20 Documentation</title>
<script type="text/javascript">
var rdoc_rel_prefix = "../";
var index_rel_prefix = "../";
</script>
<script src="../js/navigation.js" defer></script>
<script src="../js/search.js" defer></script>
<script src="../js/search_index.js" defer></script>
<script src="../js/searcher.js" defer></script>
<script src="../js/darkfish.js" defer></script>
<link href="../css/fonts.css" rel="stylesheet">
<link href="../css/rdoc.css" rel="stylesheet">
<body id="top" role="document" class="class">
<nav role="navigation">
<div id="project-navigation">
<div id="home-section" role="region" title="Quick navigation" class="nav-section">
<h2>
<a href="../index.html" rel="home">Home</a>
</h2>
<div id="table-of-contents-navigation">
<a href="../table_of_contents.html#pages">Pages</a>
<a href="../table_of_contents.html#classes">Classes</a>
<a href="../table_of_contents.html#methods">Methods</a>
</div>
</div>
<div id="search-section" role="search" class="project-section initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<div id="search-field-wrapper">
<input id="search-field" role="combobox" aria-label="Search"
aria-autocomplete="list" aria-controls="search-results"
type="text" name="search" placeholder="Search" spellcheck="false"
title="Type to search, Up and Down to navigate, Enter to load">
</div>
<ul id="search-results" aria-label="Search Results"
aria-busy="false" aria-expanded="false"
aria-atomic="false" class="initially-hidden"></ul>
</form>
</div>
</div>
<div class="nav-section">
<h3>Table of Contents</h3>
<ul class="link-list" role="directory">
<li><a href="#class-Rack::Sendfile-label-Sendfile">Sendfile</a>
<li><a href="#class-Rack::Sendfile-label-Nginx">Nginx</a>
<li><a href="#class-Rack::Sendfile-label-lighttpd">lighttpd</a>
<li><a href="#class-Rack::Sendfile-label-Apache">Apache</a>
<li><a href="#class-Rack::Sendfile-label-Mapping+parameter">Mapping parameter</a>
<li><a href="#class-Rack::Sendfile-label-Security">Security</a>
</ul>
</div>
<div id="class-metadata">
<div id="parent-class-section" class="nav-section">
<h3>Parent</h3>
<p class="link">Object
</div>
<!-- Method Quickref -->
<div id="method-list-section" class="nav-section">
<h3>Methods</h3>
<ul class="link-list" role="directory">
<li ><a href="#method-c-new">::new</a>
<li ><a href="#method-i-call">#call</a>
<li ><a href="#method-i-map_accel_path">#map_accel_path</a>
<li ><a href="#method-i-variation">#variation</a>
<li ><a href="#method-i-x_accel_mapping">#x_accel_mapping</a>
</ul>
</div>
</div>
</nav>
<main role="main" aria-labelledby="class-Rack::Sendfile">
<h1 id="class-Rack::Sendfile" class="class">
class Rack::Sendfile
</h1>
<section class="description">
<h1 id="class-Rack::Sendfile-label-Sendfile"><a href="Sendfile.html"><code>Sendfile</code></a><span><a href="#class-Rack::Sendfile-label-Sendfile">¶</a> <a href="#top">↑</a></span></h1>
<p>The <a href="Sendfile.html"><code>Sendfile</code></a> middleware intercepts responses whose body is being served from a file and replaces it with a server specific X-Sendfile header. The web server is then responsible for writing the file contents to the client. This can dramatically reduce the amount of work required by the Ruby backend and takes advantage of the web server's optimized file delivery code.</p>
<p>In order to take advantage of this middleware, the response body must respond to <code>to_path</code> and the request must include an X-Sendfile-Type header. <a href="Files.html"><code>Rack::Files</code></a> and other components implement <code>to_path</code> so there's rarely anything you need to do in your application. The X-Sendfile-Type header is typically set in your web servers configuration. The following sections attempt to document</p>
<h3 id="class-Rack::Sendfile-label-Nginx">Nginx<span><a href="#class-Rack::Sendfile-label-Nginx">¶</a> <a href="#top">↑</a></span></h3>
<p>Nginx supports the X-Accel-Redirect header. This is similar to X-Sendfile but requires parts of the filesystem to be mapped into a private URL hierarchy.</p>
<p>The following example shows the Nginx configuration required to create a private “/files/” area, enable X-Accel-Redirect, and pass the special X-Sendfile-Type and X-Accel-Mapping headers to the backend:</p>
<pre>location ~ /files/(.*) {
internal;
alias /var/www/$1;
}
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Mapping /var/www/=/files/;
proxy_pass http://127.0.0.1:8080/;
}</pre>
<p>The X-Accel-Mapping header should specify the location on the file system, followed by an equals sign (=), followed name of the private URL pattern that it maps to. The middleware performs a simple substitution on the resulting path.</p>
<p>To enable X-Accel-Redirect, you must configure the middleware explicitly:</p>
<pre class="ruby"><span class="ruby-identifier">use</span> <span class="ruby-constant">Rack</span><span class="ruby-operator">::</span><span class="ruby-constant">Sendfile</span>, <span class="ruby-string">"X-Accel-Redirect"</span>
</pre>
<p>For security reasons, the X-Sendfile-Type header from requests is ignored. The sendfile variation must be set via the middleware constructor.</p>
<p>See Also: <a href="https://www.nginx.com/resources/wiki/start/topics/examples/xsendfile">www.nginx.com/resources/wiki/start/topics/examples/xsendfile</a></p>
<h3 id="class-Rack::Sendfile-label-lighttpd">lighttpd<span><a href="#class-Rack::Sendfile-label-lighttpd">¶</a> <a href="#top">↑</a></span></h3>
<p>Lighttpd has supported some variation of the X-Sendfile header for some time, although only recent version support X-Sendfile in a reverse proxy configuration.</p>
<pre>$HTTP["host"] == "example.com" {
proxy-core.protocol = "http"
proxy-core.balancer = "round-robin"
proxy-core.backends = (
"127.0.0.1:8000",
"127.0.0.1:8001",
...
)
proxy-core.allow-x-sendfile = "enable"
proxy-core.rewrite-request = (
"X-Sendfile-Type" => (".*" => "X-Sendfile")
)
}</pre>
<p>See Also: <a href="http://redmine.lighttpd.net/wiki/lighttpd/Docs:ModProxyCore">redmine.lighttpd.net/wiki/lighttpd/Docs:ModProxyCore</a></p>
<h3 id="class-Rack::Sendfile-label-Apache">Apache<span><a href="#class-Rack::Sendfile-label-Apache">¶</a> <a href="#top">↑</a></span></h3>
<p>X-Sendfile is supported under Apache 2.x using a separate module:</p>
<p><a href="https://tn123.org/mod_xsendfile">tn123.org/mod_xsendfile</a>/</p>
<p>Once the module is compiled and installed, you can enable it using XSendFile config directive:</p>
<pre>RequestHeader Set X-Sendfile-Type X-Sendfile
ProxyPassReverse / http://localhost:8001/
XSendFile on</pre>
<h3 id="class-Rack::Sendfile-label-Mapping+parameter">Mapping parameter<span><a href="#class-Rack::Sendfile-label-Mapping+parameter">¶</a> <a href="#top">↑</a></span></h3>
<p>The third parameter allows for an overriding extension of the X-Accel-Mapping header. Mappings should be provided in tuples of internal to external. The internal values may contain regular expression syntax, they will be matched with case indifference.</p>
<p>When X-Accel-Redirect is explicitly enabled via the variation parameter, and no application-level mappings are provided, the middleware will read the X-Accel-Mapping header from the proxy. This allows nginx to control the path mapping without requiring application-level configuration.</p>
<h3 id="class-Rack::Sendfile-label-Security">Security<span><a href="#class-Rack::Sendfile-label-Security">¶</a> <a href="#top">↑</a></span></h3>
<p>For security reasons, the X-Sendfile-Type header from HTTP requests is ignored. The sendfile variation must be explicitly configured via the middleware constructor to prevent information disclosure vulnerabilities where attackers could bypass proxy restrictions.</p>
</section>
<section id="5Buntitled-5D" class="documentation-section">
<section id="public-class-5Buntitled-5D-method-details" class="method-section">
<header>
<h3>Public Class Methods</h3>
</header>
<div id="method-c-new" class="method-detail ">
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(app, variation = nil, mappings = [])</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/rack/sendfile.rb, line 118</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">initialize</span>(<span class="ruby-identifier">app</span>, <span class="ruby-identifier">variation</span> = <span class="ruby-keyword">nil</span>, <span class="ruby-identifier">mappings</span> = [])
<span class="ruby-ivar">@app</span> = <span class="ruby-identifier">app</span>
<span class="ruby-ivar">@variation</span> = <span class="ruby-identifier">variation</span>
<span class="ruby-ivar">@mappings</span> = <span class="ruby-identifier">mappings</span>.<span class="ruby-identifier">map</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">internal</span>, <span class="ruby-identifier">external</span><span class="ruby-operator">|</span>
[<span class="ruby-regexp">/\A#{internal}/i</span>, <span class="ruby-identifier">external</span>]
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div>
</div>
</div>
</section>
<section id="public-instance-5Buntitled-5D-method-details" class="method-section">
<header>
<h3>Public Instance Methods</h3>
</header>
<div id="method-i-call" class="method-detail ">
<div class="method-heading">
<span class="method-name">call</span><span
class="method-args">(env)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="call-source">
<pre><span class="ruby-comment"># File lib/rack/sendfile.rb, line 126</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">call</span>(<span class="ruby-identifier">env</span>)
<span class="ruby-identifier">status</span>, <span class="ruby-identifier">headers</span>, <span class="ruby-identifier">body</span> = <span class="ruby-ivar">@app</span>.<span class="ruby-identifier">call</span>(<span class="ruby-identifier">env</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">body</span>.<span class="ruby-identifier">respond_to?</span>(<span class="ruby-value">:to_path</span>)
<span class="ruby-keyword">case</span> <span class="ruby-identifier">type</span> = <span class="ruby-identifier">variation</span>(<span class="ruby-identifier">env</span>)
<span class="ruby-keyword">when</span> <span class="ruby-string">'X-Accel-Redirect'</span>
<span class="ruby-identifier">path</span> = <span class="ruby-operator">::</span><span class="ruby-constant">File</span>.<span class="ruby-identifier">expand_path</span>(<span class="ruby-identifier">body</span>.<span class="ruby-identifier">to_path</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">url</span> = <span class="ruby-identifier">map_accel_path</span>(<span class="ruby-identifier">env</span>, <span class="ruby-identifier">path</span>)
<span class="ruby-identifier">headers</span>[<span class="ruby-constant">CONTENT_LENGTH</span>] = <span class="ruby-string">'0'</span>
<span class="ruby-comment"># '?' must be percent-encoded because it is not query string but a part of path</span>
<span class="ruby-identifier">headers</span>[<span class="ruby-identifier">type</span>] = <span class="ruby-operator">::</span><span class="ruby-constant">Rack</span><span class="ruby-operator">::</span><span class="ruby-constant">Utils</span>.<span class="ruby-identifier">escape_path</span>(<span class="ruby-identifier">url</span>).<span class="ruby-identifier">gsub</span>(<span class="ruby-string">'?'</span>, <span class="ruby-string">'%3F'</span>)
<span class="ruby-identifier">obody</span> = <span class="ruby-identifier">body</span>
<span class="ruby-identifier">body</span> = <span class="ruby-constant">Rack</span><span class="ruby-operator">::</span><span class="ruby-constant">BodyProxy</span>.<span class="ruby-identifier">new</span>([]) <span class="ruby-keyword">do</span>
<span class="ruby-identifier">obody</span>.<span class="ruby-identifier">close</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">obody</span>.<span class="ruby-identifier">respond_to?</span>(<span class="ruby-value">:close</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">env</span>[<span class="ruby-constant">RACK_ERRORS</span>].<span class="ruby-identifier">puts</span> <span class="ruby-string">"X-Accel-Mapping header missing"</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">'X-Sendfile'</span>, <span class="ruby-string">'X-Lighttpd-Send-File'</span>
<span class="ruby-identifier">path</span> = <span class="ruby-operator">::</span><span class="ruby-constant">File</span>.<span class="ruby-identifier">expand_path</span>(<span class="ruby-identifier">body</span>.<span class="ruby-identifier">to_path</span>)
<span class="ruby-identifier">headers</span>[<span class="ruby-constant">CONTENT_LENGTH</span>] = <span class="ruby-string">'0'</span>
<span class="ruby-identifier">headers</span>[<span class="ruby-identifier">type</span>] = <span class="ruby-identifier">path</span>
<span class="ruby-identifier">obody</span> = <span class="ruby-identifier">body</span>
<span class="ruby-identifier">body</span> = <span class="ruby-constant">Rack</span><span class="ruby-operator">::</span><span class="ruby-constant">BodyProxy</span>.<span class="ruby-identifier">new</span>([]) <span class="ruby-keyword">do</span>
<span class="ruby-identifier">obody</span>.<span class="ruby-identifier">close</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">obody</span>.<span class="ruby-identifier">respond_to?</span>(<span class="ruby-value">:close</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">''</span>, <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">env</span>[<span class="ruby-constant">RACK_ERRORS</span>].<span class="ruby-identifier">puts</span> <span class="ruby-node">"Unknown x-sendfile variation: #{type.inspect}"</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
[<span class="ruby-identifier">status</span>, <span class="ruby-identifier">headers</span>, <span class="ruby-identifier">body</span>]
<span class="ruby-keyword">end</span></pre>
</div>
</div>
</div>
</section>
<section id="private-instance-5Buntitled-5D-method-details" class="method-section">
<header>
<h3>Private Instance Methods</h3>
</header>
<div id="method-i-map_accel_path" class="method-detail ">
<div class="method-heading">
<span class="method-name">map_accel_path</span><span
class="method-args">(env, path)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="map_accel_path-source">
<pre><span class="ruby-comment"># File lib/rack/sendfile.rb, line 177</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">map_accel_path</span>(<span class="ruby-identifier">env</span>, <span class="ruby-identifier">path</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">mapping</span> = <span class="ruby-ivar">@mappings</span>.<span class="ruby-identifier">find</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">internal</span>, <span class="ruby-identifier">_</span><span class="ruby-operator">|</span> <span class="ruby-identifier">internal</span> <span class="ruby-operator">=~</span> <span class="ruby-identifier">path</span> }
<span class="ruby-keyword">return</span> <span class="ruby-identifier">path</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-operator">*</span><span class="ruby-identifier">mapping</span>)
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">mapping</span> = <span class="ruby-identifier">x_accel_mapping</span>(<span class="ruby-identifier">env</span>)
<span class="ruby-comment"># Safe to use header: explicit config + no app mappings:</span>
<span class="ruby-identifier">mapping</span>.<span class="ruby-identifier">split</span>(<span class="ruby-string">','</span>).<span class="ruby-identifier">map</span>(<span class="ruby-operator">&</span><span class="ruby-value">:strip</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">m</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">internal</span>, <span class="ruby-identifier">external</span> = <span class="ruby-identifier">m</span>.<span class="ruby-identifier">split</span>(<span class="ruby-string">'='</span>, <span class="ruby-value">2</span>).<span class="ruby-identifier">map</span>(<span class="ruby-operator">&</span><span class="ruby-value">:strip</span>)
<span class="ruby-identifier">new_path</span> = <span class="ruby-identifier">path</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/\A#{internal}/i</span>, <span class="ruby-identifier">external</span>)
<span class="ruby-keyword">return</span> <span class="ruby-identifier">new_path</span> <span class="ruby-keyword">unless</span> <span class="ruby-identifier">path</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">new_path</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">return</span> <span class="ruby-identifier">path</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div>
</div>
</div>
<div id="method-i-variation" class="method-detail ">
<div class="method-heading">
<span class="method-name">variation</span><span
class="method-args">(env)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="variation-source">
<pre><span class="ruby-comment"># File lib/rack/sendfile.rb, line 161</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">variation</span>(<span class="ruby-identifier">env</span>)
<span class="ruby-comment"># Note: HTTP_X_SENDFILE_TYPE is intentionally NOT read for security reasons.</span>
<span class="ruby-comment"># Attackers could use this header to enable x-accel-redirect and bypass proxy restrictions.</span>
<span class="ruby-ivar">@variation</span> <span class="ruby-operator">||</span> <span class="ruby-identifier">env</span>[<span class="ruby-string">'sendfile.type'</span>]
<span class="ruby-keyword">end</span></pre>
</div>
</div>
</div>
<div id="method-i-x_accel_mapping" class="method-detail ">
<div class="method-heading">
<span class="method-name">x_accel_mapping</span><span
class="method-args">(env)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="x_accel_mapping-source">
<pre><span class="ruby-comment"># File lib/rack/sendfile.rb, line 167</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">x_accel_mapping</span>(<span class="ruby-identifier">env</span>)
<span class="ruby-comment"># Only allow header when:</span>
<span class="ruby-comment"># 1. X-Accel-Redirect is explicitly enabled via constructor.</span>
<span class="ruby-comment"># 2. No application-level mappings are configured.</span>
<span class="ruby-keyword">return</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@variation</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">/x-accel-redirect/i</span>
<span class="ruby-keyword">return</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">if</span> <span class="ruby-ivar">@mappings</span>.<span class="ruby-identifier">any?</span>
<span class="ruby-identifier">env</span>[<span class="ruby-string">'HTTP_X_ACCEL_MAPPING'</span>]
<span class="ruby-keyword">end</span></pre>
</div>
</div>
</div>
</section>
</section>
</main>
<footer id="validator-badges" role="contentinfo">
<p><a href="https://validator.w3.org/check/referer">Validate</a>
<p>Generated by <a href="https://ruby.github.io/rdoc/">RDoc</a> 6.2.1.1.
<p>Based on <a href="http://deveiate.org/projects/Darkfish-RDoc/">Darkfish</a> by <a href="http://deveiate.org">Michael Granger</a>.
</footer>