Serve a file or image.

This controller is used to serve files and images. It is able to manipulate an image according to the parameters supplied.

Image manipulation parameters are signed to prevent random image manipulations on the request of visitors, which might result in a denial of service due to processing- or disk space limitations.

This controller serves all files with a very long client side caching time. It also handles if-modifies-since checks. It also compresses served files with gzip when the user-agent supports it.

Example dispatch rule:

{image, ["image", '*'], controller_file_readonly, [{is_media_preview, true}]}

controller_file_readonly has the following dispatch options:

Option Description Example
root List of root directories where files are located. Use ‘lib’ for the library files. This defaults to the site’s “files/archive” directory, unless “is_meda_preview” is set then it defaults to the sites’s “files/preview” directory. {root, [lib]}
media_path The path for media when “is_media_preview” is set. Defaults to the site’s “files/archive” directory. {media_path, “/var/media/archive”}

Default file to be served. Used for files like “robots.txt” and “favicon.ico”.

The path is relative to files/archive in the site, or relative to files/preview if is_media_preview is set.

When set to the atom ‘id’ then there must be an ‘id’ argument in the dispatch list. The file attached to this controller is then served.


{path, id}

content_disposition If the file should be viewed in the browser or downloaded. Possible values are inline and attachment. Defaults to the browser’s defaults by not setting the “Content-Disposition” response header. {content_disposition, inline}
is_media_preview Set to true to allow recognition and handling of image manipulation parameters. See the image tag for their format. Defaults to false. {is_media_preview, true}
use_cache Use server side caching of files. Especially useful when gzip-compressing files. Not so useful when a proxy cache like Varnish is used. Defaults to false. {use_cache, true}

Extra authorization checks to be performed.

New in version 0.10.

See ACL options.


controller_file_readonly does not handle any query arguments other than the file path.

ACL options

Authorization checks to perform, in addition to the acl_action dispatch option, can be given in the acl dispatch option, and accepts the following options:

ACL option Description Example
is_auth Disable anonymous access to this resource. {acl, is_auth}
logoff Log out user before processing the request. {acl, logoff}
{Action, Resource} Check if user is allowed to perform Action on Resource. The example is equivalent to the options {acl_action, edit}, {id, my_named_page}. {acl, {edit, my_named_page}}
[{Action, Resource}] A list of checks to be performed, as above. {acl, [{view, secret_page}, {update, 345}]}

Table Of Contents

Previous topic


Next topic