We are trying to expose Sitecore media URLs to some other application.
One of the ways I could think about is creating a Virtual Directory and linking it with physical server where images are stored.
Limitation of this approach is there won't be a way to fetch thumbnails from Virtual Directory URL.
e.g. ~/media/image.ashx?bc=White&dmc=0&h=500&thn=0&w=500 wont work with virtual directory
Is there any way to expose image URLs where we can expose actual version as well as a thumbnail of the images to other application?
e.g. exposing both ~/media/image.ashx and ~/media/image.ashx?bc=White&dmc=0&h=500&thn=0&w=500
As these are images so you can append image's src property with Request.Url.Scheme +"://"+Request.Url.Host + /~/media/image.ashx?bc=White&dmc=0&h=500&thn=0&w=500
Related
Have a web interface.
I can select any path of the server on the web interface.
Display all the images in this path to the web interface.
try:
I can't use these images as static resources.
If I take the absolute path of the image as the 'src' of the
tag, it will cause the image 404 error.
What should I do if I want to make this image's url correct?
You can not, by design. Django uses Storage engines to handle files it has access to (even files using remote services).
To reference static files, using the {% static 'relative/to/static.jpg' %} template tag, you need to use the included staticfiles module.
To reference uploaded files, you can use {{MEDIA_URL}} as illustrated the documentation.
The reason for this approach in Django is that it protects against attempts to reference files outside the base location of the Storage engine and throw a SuspiciousOperation exception.
Naturally, you can write your own Storage engine and reference files in any way you want.
And one could use any of these packages to manage them.
I have one Django application running GAE.The application uses content folder which contains images and html snippets.The content folder was uploaded in google cloud storage.I would like to render a image in static file using img tag.For using img tag I want to know the url of that image.I have seen that when we set the permission to share publicly it will give us a url.But I don't want to share that files publicly.If I share an another application can use my files.I don't want that.I there any way to do that with out log in a user
Sharing it publicly is the best way to go.
You could also base64 encode the image data when you render out the template, which means the url of the image will not be shown to the public on your page. Then you can obfuscate the image names in the GCS. This way it's still public but hard to reach.
It appears that now in Rails 4 using asset pipeline and the sprocket-rails gem, when images are processed, their filename is appended with an md5 fingerprint like css and javascript. While this makes sense because md5 fingerprints are awesome, it makes it increasingly difficult to access that image from javascript. In rails 3.2, I could access the image with /assets/image_name.jpg and it would serve properly, but in rails 4 that asset doesn't exist, it only exists with the md5 fingerprint in the name.
I know that rails provides helpers to access the image via erb <%= asset-url("image_name.jpg") %> but that is less ideal in javascript, because I am not using erb in my js. There are plenty of ways I could hack this with data-attributes serving in the views or using a script tag in my view and setting some globals, but I am looking for a nice solution to this problem, if it exists.
Any help is appreciated, thanks.
Another option to consider (although I wouldn't recommend it) is to use a custom route in your application controller to grab the asset path for you in the controller and either return the url to the asset with the md5 hash or possibly just render the raw binary data of the asset (although this will add processing overhead to your application).
For example, you make a AJAX get request to
http://yourapp.com/images?file=my_image.jpg
Then in your controller your action method would look like this:
def images
ActionController::Base.helpers.asset_url(params[:file])
end
This would then return the url path to the asset. The downside to this method is that it requires that you make two requests on the JS side. The first to get the path to the asset and the second to actually load that asset with the returned path.
To reduce this down to one request you could have the application read the image from the file system and return the proper headers so the browser thinks it is an image being returned and therefor will render the url provided. However, this would be a lot more work for the application and a lot more unneeded disk IO on your server.
It may take two requests for each image on the client to achieve what you want but you have to sacrifice somewhere...
Why do you need to use the asset pipeline for images? I get the hashing behavior. But normally the assets would be preprocessed. If you put the images in the public hierarchy as in olden times, you would get normal path routing.
Here's a quote from the Asset Pipleline guide that I think might be germane.
"Assets can still be placed in the public hierarchy. Any assets under public will be served as static files by the application or web server. You should use app/assets for files that must undergo some pre-processing before they are served."
Unfortunately, I think that you are stuck either adding an ERB extension to your JS and using the asset helpers, or else not using the asset pipeline for the assets.
When you say "I am not using erb in my js", do you mean you don't want to, or simply that you aren't? Because you can!
If you rename the relevant JS files with the extension .js.erb then you can use the asset_url helper in these files like so:
var src = "<%= asset_url('photo.jpg') %>";
By default, Django uploads images to the MEDIA_ROOT setting, which is assumed to be a publicly accessible directory.
I don't want users to be able to upload images and to have those images immediately accessible. Instead, I want the images to be uploaded to a non-public tmp directory. Later on, a site moderator will approve images in django-admin, which will move them to a public image directory.
The catch is that the site moderators need to be able to view the images stored in the tmp directory in order to approve them. So, those images need to be served from the web server, but can't be accessible to users who aren't moderators.
How do I:
Extend ImageField to store images in a directory other than MEDIA_ROOT
Protect temporary images so that they are only viewable by site moderators before they are approved?
Re 2: completely protecting them on django level is impossible, since static media is served by the webserver, bypassing django entirely.
What you could do instead, is to create a directory /private/ in your media source and protect it using normal apache means - eg .htaccess;
Though hash, which was suggested earlier, seems like a better method to me.
My Django site lets users upload images. It's running on Apache.
Files are uploaded via a FileUpload form. The folder to which files are uploaded is outside the Django project, and protected as described here, i.e. the folder has 755 permissions and files have 644 permissions.
I now want to serve the images up to users - but I need to do it securely, so that executable scripts don't run, and so that users can't e.g. delete all the images in the directory.
My question is, how do I serve the uploaded images to users in a secure way? Can I serve them safely as static media directly from that folder, with those permissions? Or should I copy them into another directory with different permissions, and serve them from there?
I'm serving the other static media (/media/css) on the site as a separate, static application.
Thanks!
The way to do this is to configure your web server to serve files with the names it expects, and with a correct image content-type. Use Django's ImageField for some level of validation by PIL/Pillow that uploaded files are images. For this directory, disable webserver features like autogenerating directory indexes, autoserving everything from the filesystem, guessing at mime types, and running cgi scripts.