Sends the file, by default streaming it 4096 bytes at a time. This way the
whole file doesn‘t need to be read into memory at once. This makes it
feasible to send even large files. You can optionally turn off streaming
and send the whole file at once.
Be careful to sanitize the path parameter if it is coming from a web page.
send_file(params[:path])
allows a malicious user to download any file on your server.
Options:
- :filename - suggests a filename for the browser to use. Defaults
to File.basename(path).
- :type - specifies an HTTP content type. Defaults to
‘application/octet-stream’.
- :length - used to manually override the length (in bytes) of the
content that is going to be sent to the client. Defaults to
File.size(path).
- :disposition - specifies whether the file will be shown inline or
downloaded. Valid values are ‘inline’ and
‘attachment’ (default).
- :stream - whether to send the file to the user agent as it is read
(true) or to read the entire file before sending (false).
Defaults to true.
- :buffer_size - specifies size (in bytes) of the buffer used to
stream the file. Defaults to 4096.
- :status - specifies the status code to send with the response.
Defaults to ‘200 OK’.
- :url_based_filename - set to true if you want the browser
guess the filename from the URL, which is necessary for i18n filenames on
certain browsers (setting :filename overrides this option).
- :x_sendfile - uses X-Sendfile to send the file when set to
true. This is currently only available with Lighttpd/Apache2 and
specific modules installed and activated. Since this uses the web server to
send the file, this may lower memory consumption on your server and it will
not block your application for further requests. See blog.lighttpd.net/articles/2006/07/02/x-sendfile
and tn123.ath.cx/mod_xsendfile/
for details. Defaults to false.
The default Content-Type and Content-Disposition headers are set to
download arbitrary binary files in as many browsers as possible. IE
versions 4, 5, 5.5, and 6 are all known to have a variety of quirks
(especially when downloading over SSL).
Simple download:
send_file '/path/to.zip'
Show a JPEG in the browser:
send_file '/path/to.jpeg', :type => 'image/jpeg', :disposition => 'inline'
Show a 404 page in the browser:
send_file '/path/to/404.html', :type => 'text/html; charset=utf-8', :status => 404
Read about the other Content-* HTTP headers if you‘d like to provide
the user with more information (such as Content-Description) in www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11.
Also be aware that the document may be cached by proxies and browsers. The
Pragma and Cache-Control headers declare how the file may be cached by
intermediaries. They default to require clients to validate with the server
before releasing cached responses. See www.mnot.net/cache_docs/ for an
overview of web caching and www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9
for the Cache-Control header spec.