Avoid `send_file()` where possible and use `send_from_directory()` instead: the latter confines access to a given directory, which makes it safer.

`flask.send_file(filename_or_fp, mimetype=None, as_attachment=False, attachment_filename=None, add_etags=True, cache_timeout=None, conditional=False, last_modified=None)`

| Parameter | Description |
|---|---|
| filename_or_fp | the file to send. |
| mimetype | the mimetype of the file if provided. If a file path is given, auto detection happens as fallback, otherwise an error will be raised. |
| as_attachment | set to True if you want to send this file with a Content-Disposition: attachment header. |
| attachment_filename | the filename for the attachment if it differs from the file’s filename. |
| add_etags | set to False to disable attaching of etags. |
| conditional | set to True to enable conditional responses. |
| cache_timeout | the timeout in seconds for the headers. |
| last_modified | |

`flask.send_from_directory(directory, filename, **options)`

| Parameter | Description |
|---|---|
| directory | the directory where all the files are stored. |
| filename | the filename relative to that directory to download. |
| options | optional keyword arguments that are directly forwarded to send_file(). |
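
The difference in practice, as an added example (not code from the original post or from the Flask project): a constructed upload directory, one route that passes a request value straight to `send_file()`, and one that uses `send_from_directory()`. The route names, file names and the `fetch` helper are assumptions made for the illustration.

```python
import os
import tempfile
from flask import Flask, request, send_file, send_from_directory

# Constructed sample layout: a public upload directory and a file outside it.
BASE = tempfile.mkdtemp()
UPLOAD_DIR = os.path.join(BASE, "uploads")
SECRET_PATH = os.path.join(BASE, "secret.cfg")
os.makedirs(UPLOAD_DIR)
with open(os.path.join(UPLOAD_DIR, "report.txt"), "w") as f:
    f.write("public report")
with open(SECRET_PATH, "w") as f:
    f.write("SECRET_KEY=constructed")

app = Flask(__name__)


@app.route("/unsafe")
def unsafe_download():
    # Weak: the request value goes into the path unchecked, and send_file()
    # opens whatever path it is handed.
    name = request.args.get("name", "")
    return send_file(os.path.join(UPLOAD_DIR, name))


@app.route("/safe")
def safe_download():
    # Corrected: send_from_directory() answers 404 when the name would resolve
    # outside UPLOAD_DIR; as_attachment is forwarded to send_file().
    name = request.args.get("name", "")
    return send_from_directory(UPLOAD_DIR, name, as_attachment=True)


def fetch(route, name):
    """Request a route with the test client; return (status, body, disposition)."""
    with app.test_client() as client:
        resp = client.get(route, query_string={"name": name})
        return (resp.status_code, resp.get_data(),
                resp.headers.get("Content-Disposition", ""))


if __name__ == "__main__":
    for route in ("/unsafe", "/safe"):
        for name in ("report.txt", "../secret.cfg", SECRET_PATH):
            print(route, repr(name), fetch(route, name)[0])
```

Both a relative `../` name and an absolute path reach the file outside the upload directory through `/unsafe`, while `/safe` returns 404 for each and still serves `report.txt`.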

References:
http://flask.pocoo.org/docs/0.12/api/#flask.send_from_directory
https://stackoverflow.com/questions/38252955/flask-when-to-use-send-file-send-from-directory?r=SearchResults
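
This article describes how to send files safely in a Flask application. It recommends `send_from_directory()` over `send_file()`, because the former adds safety by confining access to a given directory. It explains the parameters and usage of both functions and links to the official documentation for reference.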




