On Tuesday, December 29, 2015 at 6:31:02 PM UTC+1, David Evans wrote: > > 2. Serving media files is a slightly different case. WhiteNoise was > designed around the assumption that it's serving a set of > developer-supplied, public files which remain unchanged during the lifetime > of the process. This simplifies a lot of performance and security concerns > that come with serving mutable, user-supplied files. >
Speaking from a security perspective: It is also important that WhiteNoise would serve Media files in a safe way, ie serving most files as attachments to prevent uploaded HTML files from starting an attack, preventing browser content type sniffing etc… -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/db7e7fe6-c735-43bb-a3f7-2bc809707032%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
