Best way to write an image to a Django HttpResponse()

Asked 9/6, 2010 at 4:50 Answered 28/11, 2023 at 20:52

I need to serve images securely to validated users only (i.e. they can't be served as static files). I currently have the following Python view in my Django project, but it seems inefficient. Any ideas for a better way?

def secureImage(request,imagePath):
    response = HttpResponse(mimetype="image/png")
    img = Image.open(imagePath)
    img.save(response,'png')
    return response

(Image is imported from PIL.)

Pharyngoscope answered 9/6, 2010 at 4:50 Comment(4)

As Santia commented: "In case you try this with a more recent version of Django (as I did...) As of Django 1.7, the keyword mimetype was renamed to content_type for HttpResponse()" – Udelle 29/5, 2015 at 11:46

how 'red.save(response, "png")' works, I check the source code 'response' is passed to 'save' as 'fd', but it works nothing? Can someone tell me please? thanks – Casein 2/7, 2019 at 12:9

@HenningLee, response acts like a file descriptor and you are "writing" the file to the response object. k-g-fis completely right about this being terribly inefficient – Lissy 30/8, 2019 at 17:4

Use FileResponse for serving files instead of HttpResponse. – Altocumulus 23/11, 2020 at 19:18

Well, re-encoding is needed sometimes (i.e. applying an watermark over an image while keeping the original untouched), but for the most simple of cases you can use:

try:
    with open(valid_image, "rb") as f:
        return HttpResponse(f.read(), content_type="image/jpeg")
except IOError:
    red = Image.new('RGBA', (1, 1), (255,0,0,0))
    response = HttpResponse(content_type="image/jpeg")
    red.save(response, "JPEG")
    return response

Prenomen answered 5/4, 2013 at 11:7 Comment(8)

To determine the MIME type of the file, you can use python-magic. – Ossian 29/4, 2013 at 13:14

mimetype was deprecated in Django 1.5, this option is now called content_type. – Rum 9/10, 2014 at 4:44

Also, I think JPEG doesn't support RGBA, you might want to edit it to 'RGB'. – Shortie 26/6, 2018 at 17:20

@Shortie been a while since I've touched python, but I'm pretty sure that when you call save any transparency is ignored (if you save it as .jpg). Did you got errors using it? I deliberately used RGBA because was taken from a script that applied transparent watermarks over images. If you are to use it in RGB mode cut the last "0" also red = Image.new('RGB', (1, 1), (255,0,0)) – Prenomen 27/6, 2018 at 9:50

how 'red.save(response, "JPEG")' works, I check the source code 'response' is passed to 'save' as 'fd', but it works nothing? Can someone tell me please? thanks – Casein 2/7, 2019 at 12:8

If you want to use RGBA then use image/png & PNG. – Priscella 19/2, 2021 at 2:27

If you trust the file extensions, you can determine MIME type with mimetypes.guess_type(filename), which is built in (no install). – Estreat 3/11, 2021 at 21:8

Unable to import 'Image'. – Whaleboat 3/10, 2022 at 6:38

Make use of FileResponse
A cleaner way, here we dont have to worry about the Content-Length and Content-Type headers, they are automatically added by guessing the contents of open().

from django.http import FileResponse

def send_file(response):

    img = open('media/hello.jpg', 'rb')

    response = FileResponse(img)

    return response

Spondaic answered 1/2, 2021 at 9:30 Comment(2)

Doesn't this leak file descriptors? – Estreat 3/11, 2021 at 21:10

Oh, the docs say "The file will be closed automatically..". (docs.djangoproject.com/en/3.2/ref/request-response/…) – Estreat 3/11, 2021 at 21:11

Just stumbled on the somewhat bad advice (for production) and thought I would mention X-Sendfile which works with both Apache and Nginx and probably other webservers too.

https://pythonhosted.org/xsendfile/

Modern Web servers like Nginx are generally able to serve files faster, more efficiently and more reliably than any Web application they host. These servers are also able to send to the client a file on disk as specified by the Web applications they host. This feature is commonly known as X-Sendfile.

This simple library makes it easy for any WSGI application to use X-Sendfile, so that they can control whether a file can be served or what else to do when a file is served, without writing server-specific extensions. Use cases include:

Restrict document downloads to authenticated users.

Log who’s downloaded a file. Force a file to be downloaded instead of rendered by the browser, or serve it with a name different from the one on disk, by setting the Content-Disposition header.

The basic idea is you open the file and pass that handle back to the webserver which then returns the bytes to the client, freeing your python code to handle the next request. This is far more performant than the solution above since a slow client on the other end could hang your python thread for as long as it takes to download the file.

Here is a repo that shows how to do this for various webservers and although it is pretty old, it will at least give you an idea of what you need to do. https://github.com/johnsensible/django-sendfile

Lissy answered 30/8, 2019 at 17:5 Comment(1)

it seems a little too tedious to implement with django, the github instructions are not really clear – Indivertible 12/9, 2022 at 13:39

Using the more recent view class pattern, here is what I did.

class FileView(View):

    def get(self, request, *args, **kwargs):
        img = open('path/image.png', 'rb')
        response = FileResponse(img)
        return response

Wintergreen answered 28/11, 2023 at 20:52 Comment(0)

Recommended topics

Hot tags