Method deprecated or moved

This method is deprecated or moved on the latest stable version. The last existing version (v3.0.9) is shown here.

These similar methods exist in v4.0.2:

send_file(path, options = {}) protected

Sends the file. This uses a server-appropriate method (such as X-Sendfile) via the Rack::Sendfile middleware. The header to use is set via config.action_dispatch.x_sendfile_header, and defaults to “X-Sendfile”. Your server can also configure this for you by setting the X-Sendfile-Type header.

Be careful to sanitize the path parameter if it is coming from a web page. send_file(params[:path]) allows a malicious user to download any file on your server.


  • :filename - suggests a filename for the browser to use. Defaults to File.basename(path).

  • :type - specifies an HTTP content type. Defaults to ‘application/octet-stream’. You can specify either a string or a symbol for a registered type register with Mime::Type.register, for example :json

  • :disposition - specifies whether the file will be shown inline or downloaded. Valid values are ‘inline’ and ‘attachment’ (default).

  • :status - specifies the status code to send with the response. Defaults to ‘200 OK’.

  • :url_based_filename - set to true if you want the browser guess the filename from the URL, which is necessary for i18n filenames on certain browsers (setting :filename overrides this option).

The default Content-Type and Content-Disposition headers are set to download arbitrary binary files in as many browsers as possible. IE versions 4, 5, 5.5, and 6 are all known to have a variety of quirks (especially when downloading over SSL).

Simple download:

send_file '/path/to.zip'

Show a JPEG in the browser:

send_file '/path/to.jpeg', :type => 'image/jpeg', :disposition => 'inline'

Show a 404 page in the browser:

send_file '/path/to/404.html', :type => 'text/html; charset=utf-8', :status => 404

Read about the other Content-* HTTP headers if you’d like to provide the user with more information (such as Content-Description) in http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11.

Also be aware that the document may be cached by proxies and browsers. The Pragma and Cache-Control headers declare how the file may be cached by intermediaries. They default to require clients to validate with the server before releasing cached responses. See http://www.mnot.net/cache_docs/ for an overview of web caching and http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9 for the Cache-Control header spec.

Show source
Register or log in to add new notes.
June 26, 2008
9 thanks


Rails 2.1 supports the x_sendfile apache module:

send_file '/path/to.png', :x_sendfile => true, :type => 'image/png'
August 8, 2008
2 thanks

X-Sendfile equivalent for Nginx

Nginx supports a similar http header to X-Sendfile called X-Accel-Redirect.

Set the X_SENDFILE_HEADER constant somewhere (eg in your environment.rb) file:

ActionController::Streaming::X_SENDFILE_HEADER = 'X-Accel-Redirect'  

Then you can use x_sendfile => true as usual.

More here: http://wiki.codemongers.com/NginxXSendfile

December 16, 2009
0 thanks


send_file always uses the absolute path /www/somewebsite/public/downloads/file

January 24, 2011
0 thanks

Does not respond to ajax call

I inherited some code that used form_remote_tag. send_file and send_data did not work.

Changing from from_remote_tag to form_tag and all worked as expected.