How can I just let my page access the file

Question

How can I just let my page access the file

Asked 5 years, 5 months ago

Viewed 71 times

-1

I have a Flask page, and wanted to know how to make only my page access the files from Static I have a handling of files from Static (for image resizing):

@app.route('/static/<folder>/<filename>.<ext>', methods=['get'])
def file(folder, filename, ext):
    if not ext in ['jpeg', 'jpg', 'gif', 'png']:
        try:
            with open(f'static/{folder}/{filename}.{ext}') as fp:
                lines = fp.readlines()
                lines = '\n'.join(lines)
                if ext in ['js', 'json']:
                    mime = 'application'
                else:
                    mime = 'text'
                ext.replace('js', 'javascript')
                return Response(lines, mimetype=f'{mime}/{ext}')
        except FileNotFoundError:
            abort(404)
    try:
        im = Image.open(f'static/{folder}/{filename}.{ext}').convert('RGBA')
        if request.args.get("size"):
            size = int(request.args.get("size"))
            im.thumbnail((size, size), Image.ANTIALIAS)
    except FileNotFoundError:
        abort(404)
    return pil_image(im, ext)

I wanted to know if there is a way in it, or in some other way, only let the page access Static (by hrefs, srcs... but never by the url)

I suggest you read the community guidelines on how to make a good question.

– user148754

2019/05/30 at 17:52
1

In particular, never, never, post code as image. Put code as text. An image cannot be cut and pasted by someone who wants to play their program to find a good answer. Also, words within the image are not visible by the search engines of the site: all the text there is essentially invisible.

– jsbueno

2019/05/31 at 04:13

1 answer

Browser other questions tagged python jinja2

You are not signed in. Login or sign up in order to post.

by jsbueno • **30,668** points · Answer 1 · 2019-05-31T04:20:09+00:00

If you don’t want to expose any content that your view code is accessing in a URL that would go public, just put this content privately in any folder, except in the Static.

Maybe you have learned how to make pages in pure HTML, or PHP: in these technologies the layout of the files in the folders is mirrored in the Urls. In the most commonly used Python frameworks, this doesn’t work that way - the Urls that are available in the browser are only and only the registered Urls (with the "route" decorator in flask, or in the.py urls file in Django). The exception are just the files below the folder Static. This happens precisely because these files, not needing to be transformed by Python code, are in a way that in the production configuration can be served directly by the public HTTP server (usually a Nginx or apache), freeing the CPU to only call Python code when it has dynamic content.

On the other hand, your view Python code - in case your function file - is Python code like any other - and can access files anywhere on the entire hard drive. The only entire hard drive folder that is exposed in public Urls is Static - put the Resources that you just want to be accessible as part of the dynamic page in any other folder, and you can’t navigate to them directly. (A good name for this folder may just be resources instead of static.