1

I have a Flask application that will run under Apache in production. I have some static files, but they require authenticated access. So using X-Sendfile seemed reasonable to speed up the file delivery after authentication:

flaskapp = flask.Flask()
flaskapp.use_x_sendfile = True

Then where I'm generating the response:

return flask.send_file(filepath)

It seems to work fine under Apache. The problem is when I run the development server:

# Use SharedDataMiddleware to deliver JS, CSS, icons, etc.
flaskapp.wsgi_app = SharedDataMiddleware(flaskapp.wsgi_app, {'/static': '/path/to/static'})
flaskapp.run(host='0.0.0.0', debug=True)

When I run it this way with use_x_sendfile = True, the X-Sendfile header shows up in the actual response and an empty file (0 byte) is delivered to the client. Turning off X-Sendfile (and forcing the browser to discard the cached file) fixes the issue, so it seems the Werkzeug server Flask runs isn't processing the X-Sendfile header. Is there a way to enable the development server to process X-Sendfile, or am I forced to turn this off during development?

jpmc26
  • 28,463
  • 14
  • 94
  • 146

1 Answers1

2

The flask documentation mentions that the server must support the X-Sendfile, and werkzeug's dev server doesn't (there's no mention anywhere in the documentation and a grep through werkzeug's source for sendfile returned no matches).

It wouldn't probably be too hard to add this behaviour to the server, but I'm not really sure if supporting such advanced features is a priority for a developement server.

Btw, as additional keyword arguments to run are passed through to werkzeug's run_simple, you don't need to create the middleware yourself, you can just use:

flaskapp.run(host='0.0.0.0', debug=True, static_files={'/static': '/path/to/static'})
mata
  • 67,110
  • 10
  • 163
  • 162