0

Can i use login_required to get access to static files? For example if someone know url to static file, still can open this url even logged out. How can i resolve it? Could You give me any solutions how to protect my static files from not logged users.

static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)

I would like to protect my media files

besesito
  • 21
  • 6
  • look at this question [Serve protected media files with django](https://stackoverflow.com/questions/39744587/serve-protected-media-files-with-django). Also look at this package [django-downloadview](https://github.com/jazzband/django-downloadview) – Abdul Aziz Barkat Feb 17 '21 at 17:48

3 Answers3

0

Do this steps:

Step 1: All requests for media should go through a specific view

Step 2: Add the view and check access

Step 3: Configure your server

Check here for more detail

Ali_Sheikhi
  • 96
  • 6
0

Static files are open for public anyone can download it or copy your css code for example,

but the only thing you can do is create a function that block any IP request the static file URL,

David
  • 9
  • 4
-1

However i resolved it in diffrent way. Could You tell me is correct and safe?

I removed media static from urls.py

static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)

And added extra path url and function in views like below:

urls.py

path('media/client_images/<str:file>', login_required(clients_views.client_images), name='client_images'),

views.py

def client_images(request, file):
picture = get_object_or_404(Client_image, image='client_images/'+file)
path, file_name = os.path.split(file)
response = FileResponse(picture.image)
return response

Is it safe? I didn't change my nginx server configuration

besesito
  • 21
  • 6