Description

A very common use case for a web server is to respond with static assets (files). This is primarily so that if a web browser makes an HTTP request to your web server, you can respond with a `.html` file containing the markup for a user interface. This `.html` file may also reference other files, namely `.js` or `.css`, for front-end JavaScript code and styling.

A common way to achieve this in other frameworks is to specify a particular folder on the server's filesystem and expose whitelisted parts, or all, of its contents. I.e., if an HTTP request comes in and matches the relative path of a file in that folder, send back a 200 with the contents of that file.

This means you wouldn't have to manually add a route for every static asset you want to serve, and there is less boilerplate code to read and transmit the asset.
Using Flask as inspiration

Need at minimum:

- `WSGIApp` class accepts a param called `static_folder`, the path to a folder on the local filesystem that should be served.
- `WSGIApp` class accepts a param called `static_url_path`, the web app base path for serving files from `static_folder`. If not provided, default to serving with the same base path as `static_folder`.
- Expose a utility method for responding with a file from a static folder that looks something like `def send_from_directory(directory, filepath) -> return valid WSGI response`, for situations where you need to respond with a file but need to do it from your own route handler (simple example: serve this OR that file depending on some dynamic criteria).
- As Flask documents, only `send_from_directory` should be used if there is ANY client-provided data being directly used, so that you do not permit read access to the entire filesystem; it must be a filepath within a known directory.
- Do not expose a `send_file` method, for the above reason: easy to shoot yourself in the foot.
Questions

- Do we default to automatically serving a folder named `static` at path `/static/`?
  - Most frameworks do this, but it's worth posing the question.
- Do we need some blacklisting regex that we apply by default?
  - ex. disallow serving `.py`, or specifically `secrets.py`
  - How do you opt out?
- Do we allow for configurable whitelisting or default whitelisting?
  - ex. Only serve files in `/static` that are `.html`, `.css`, `.js`, photo types, etc.?
  - Might not be necessary, as `/static/` is meant for purposefully adding files you want to serve, and would not usually have a file in there you do not want public.
  - Would need appropriate warning documentation that this is the case.
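To make the requirements above and the blacklisting question concrete, here is an added example sketch (not code from this project) of a `WSGIApp` with `static_folder` / `static_url_path` and a `send_from_directory` that refuses any path resolving outside the known directory. The names `resolve_inside`, `_plain`, `request`, `demo` and the `denied_suffixes` parameter are this example's own assumptions; the sample folder layout is constructed in a temporary directory.

```python
import mimetypes
import os
import tempfile
from pathlib import Path


def resolve_inside(directory, filepath):
    """Return the absolute Path for `filepath` under `directory`, or None if it
    escapes that directory (via '..', an absolute path, or a symlink pointing out).
    Both sides are resolved so '..' and symlinks are canonicalised before comparing."""
    base = Path(directory).resolve()
    # A leading separator would make `base / filepath` discard `base`; strip it first.
    candidate = (base / filepath.lstrip("/\\")).resolve()
    try:
        candidate.relative_to(base)  # ValueError when candidate is not under base
    except ValueError:
        return None
    return candidate


def _plain(start_response, status):
    body = status.encode()
    start_response(status, [("Content-Type", "text/plain"),
                            ("Content-Length", str(len(body)))])
    return [body]


def send_from_directory(directory, filepath, start_response, denied_suffixes=(".py",)):
    """Serve one file from a known directory as a WSGI response.
    Anything outside `directory`, missing, or with a denied suffix yields 404
    (the suffix deny list is the example's take on the blacklisting question)."""
    target = resolve_inside(directory, filepath)
    if target is None or not target.is_file() or target.suffix in denied_suffixes:
        return _plain(start_response, "404 Not Found")
    data = target.read_bytes()
    ctype = mimetypes.guess_type(target.name)[0] or "application/octet-stream"
    start_response("200 OK", [("Content-Type", ctype),
                              ("Content-Length", str(len(data)))])
    return [data]


class WSGIApp:
    """Minimal WSGI app: static files under `static_url_path`, plus explicit routes."""

    def __init__(self, static_folder="static", static_url_path=None, denied_suffixes=(".py",)):
        self.static_folder = static_folder
        if static_url_path is None:  # default: mirror the folder name, e.g. /static
            static_url_path = "/" + os.path.basename(os.path.normpath(static_folder))
        self.static_prefix = static_url_path.rstrip("/") + "/"
        self.denied_suffixes = denied_suffixes
        self.routes = {}

    def route(self, path):
        def register(handler):
            self.routes[path] = handler
            return handler
        return register

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        if path.startswith(self.static_prefix):
            return send_from_directory(self.static_folder, path[len(self.static_prefix):],
                                       start_response, self.denied_suffixes)
        handler = self.routes.get(path)
        if handler is None:
            return _plain(start_response, "404 Not Found")
        return handler(environ, start_response)


def request(app, path):
    """Drive a WSGI app with a constructed GET request; returns (status, body)."""
    captured = {}

    def start_response(status, headers):
        captured["status"] = status

    body = b"".join(app({"REQUEST_METHOD": "GET", "PATH_INFO": path}, start_response))
    return captured["status"], body


def demo():
    """Constructed sample layout: static/index.html is public; static/config.py and
    ../secrets.py must never be served. Returns {path: (status, body)}."""
    with tempfile.TemporaryDirectory() as tmp:
        static = os.path.join(tmp, "static")
        os.makedirs(static)
        Path(static, "index.html").write_text("<h1>hello</h1>")
        Path(static, "config.py").write_text("DEBUG = True")
        Path(tmp, "secrets.py").write_text("TOKEN = 'do-not-serve'")
        app = WSGIApp(static_folder=static)

        @app.route("/report")
        def report(environ, start_response):
            # A handler choosing a file dynamically still goes through the containment check.
            return send_from_directory(static, "index.html", start_response)

        return {p: request(app, p) for p in (
            "/static/index.html", "/static/../secrets.py",
            "/static/config.py", "/static/missing.css", "/report")}
```

The check does not rely on the front-end server having normalised `..` out of `PATH_INFO`: whatever arrives is joined to the base folder, resolved, and compared against the resolved base, so traversal, absolute paths, and symlinks that leave the folder all fall through to the same 404.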