meringue.protected.views ¤
x_accel_redirect_view ¤
The view checks the user's access to view and serves the file.
If you enable the parameter PROTECTED_SERVE_WITH_NGINX, the file will not be served; instead, the response will contain the X-Accel-Redirect header pointing to the original file. It is expected that nginx will return the file using the internal parameter.
Source code in meringue/protected/
def x_accel_redirect_view(request, cid, field, pk, disp="inline"):
The view checks the user's access to view and serves the file.
If you enable the parameter
[PROTECTED_SERVE_WITH_NGINX][meringue.conf.default_settings.PROTECTED_SERVE_WITH_NGINX], the
file will not be served; instead, the response will contain the X-Accel-Redirect header
pointing to the original file. It is expected that nginx will return the file using the
[internal]( parameter.
contenttype = ContentType.objects.get(id=cid)
if not request.user.has_perm(f"{contenttype.app_label}.view_{contenttype.model}"):
raise PermissionDenied()
model = contenttype.model_class().objects.get(pk=pk)
file = getattr(model, field)
if not file:
raise Http404()
file_name = Path(
response = HttpResponse()
response["Content-Type"] = mimetypes.guess_type(file.path)[0]
response["Content-Disposition"] = f"{disp}; filename={quote(file_name)}"
if isinstance(file, ProtectedFieldFile | ProtectedImageFieldFile):
redirect_url = file.redirect_url
redirect_url = file.url
response["X-Accel-Redirect"] = redirect_url
return response
with open(file.path, "rb") as tmp_file:
response = FileResponse(
as_attachment=disp == "attachment",
return response