How to serve any file type with Python's BaseHTTPRequestHandler

12
votes

Consider the following example:

import string,cgi,time
from os import curdir, sep
from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer

class MyHandler(BaseHTTPRequestHandler):

    def do_GET(self):
        try:
            if self.path.endswith(".html"):
                f = open(curdir + sep + self.path) #self.path has /test.html
#note that this potentially makes every file on your computer readable by the internet

                self.send_response(200)
                self.send_header('Content-type',    'text/html')
                self.end_headers()
                self.wfile.write(f.read())
                f.close()
                return

        except IOError:
            self.send_error(404,'File Not Found: %s' % self.path)


def main():
    try:
        server = HTTPServer(('', 80), MyHandler)
        print 'started httpserver...'
        server.serve_forever()
    except KeyboardInterrupt:
        print '^C received, shutting down server'
        server.socket.close()

if __name__ == '__main__':
    main()

What if I want to server a ZIP file also... how would I do that? I don't think this line would work right?

self.wfile.write(f.read())
3
pythonhttpserver
Can someone explain why the call to open() "potentially makes every file on your computer readable"? And how would you protect against this for serving files in this example?brooksbp
@brooksbp I think he means that the user could type a path that would navigate into another directory on your computer, for example going up one or more directories. But only html files could be accessed using the above code.Anthony

3 Answers

10
votes

Pass binary as a parameter to open(). This:

f = open(curdir + sep + self.path, 'rb')

Instead of this:

f = open(curdir + sep + self.path)

UNIX doesn't distinguish between binary and text, but windows does. But if the script executes on UNIX, the "b" will just be ignored so you're safe.

4
votes

Your line would work just fine. The problem would be setting the Content-type appropriately. You'd want to set it to application/zip instead of text/html.

4
votes

If you want to share files in a folder of any type, then you can also try typing the command

python -m SimpleHTTPServer

This will start the server at port 8000 and you can browse the files (via directory listing)