Closed oadam closed 9 years ago
Actually a simple view checking that the user is logged in will suffice since we don't have multi-tenancy
Blog post describing how to do it with nginx http://sametmax.com/servir-un-fichier-protege-avec-django-et-nginx/
Fixed in 69de002
for the moment anyone can guess the file name and access it without being authenticated. We need to secure it using https://github.com/RacingTadpole/django-private-media