Defect #24646

X-Sendfile is missing in response headers

Added by Karel Pičman over 3 years ago. Updated about 3 years ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:Jean-Philippe Lang% Done:


Target version:3.2.5
Resolution:Fixed Affected version:3.3.1


Despite uncommenting X-Sendfile option in config/additional_environment.rb, X-Sendfile header is not added into the response. Therefore the download is not handed over to the webserver and it is processed by the application. It prevents from downloading of large files.


# Specifies the header that your server uses for sending files
config.action_dispatch.x_sendfile_header = "X-Sendfile" 

Response header when downloading a file from the Files module:

Cache-Control private
Connection Keep-Alive
Content-Disposition attachment; filename=""
Content-Length 25362
Content-Type application/x-zip-compressed
Date Mon, 19 Dec 2016 08:33:42 GMT
Etag "c4c34e17fd91b5e7f97ea03a1e4366f6"
Server WEBrick/1.3.1 (Ruby/2.3.1/2016-04-26)
Set-Cookie _redmine_session=SzJycUd0VUYybGNkU2NVWGVHN1VQOVhJVUY1dTJCRjNOS05HU2xaSzY1aWYwOHp3am1SUURiWEdjNCtZOE44T2I0UkV3eHNWSWwwZDJ0MHBUMmhjck5Vd3ZNVHZla1RNTXBTTWQ3bnQva2p4OXk1KzUxcFgzWmVmU0dlYWg2dXFtei9JRXpXYWpyQXJ1ckY2TlQ0WEtkb1dPclprSlJ5Ni9pejN0a0FXMkUrVFdTUVFUeDBlMW9DNGJuN0k5Y3dPM1FIekcxUDByZlQ4emg1TmJyVUdkdC84REwyU1pVNGtIZnkzTVJ4T1dDdnVIYTFPMWJBWFNZeU5DRlRSUkE3QytUc3dFbWRaMXdhUjZmK0FvcGlENklCV3YzTDhSbWt4YWs5UEJLdW9wczlFMy9yc3BlY3krakV1ZjlSeUdNN29Gd2tENnk3Vk5VOFlSMERkdVdxNVpjdG1xQ3RTQlNTYWRnb1QvVmVzZy9NPS0tVGFOZGhaWUZVdEdRMUJrSjMwU05pQT09--150df285ffe701a4ef1e1bad01398101dcb4989c; path=/; HttpOnly
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Request-Id 8743fb81-42d3-4924-b93f-199b95e68ed1
X-Runtime 0.030291
X-XSS-Protection 1; mode=block
content-transfer-encoding binary

My environment:

  Redmine version                3.3.1.stable
  Ruby version                   2.3.1-p112 (2016-04-26) [x86_64-linux-gnu]
  Rails version        
  Environment                    production
  Database adapter               Mysql2

Related issues

Related to Redmine - Defect #32785: X-Sendfile header field is not set if rack 2.1.0 is insta... Closed

Associated revisions

Revision 16114
Added by Jean-Philippe Lang about 3 years ago

Fixed that X-Sendfile header is never set (#24646).


#1 Updated by Karel Pičman over 3 years ago

During a next investigation I've found that the problem is that the body doesn't respond to to_path method:


class Sendfile
    F = ::File

    def call(env)
      status, headers, body =
      if body.respond_to?(:to_path) # Here is the problem
        case type = variation(env)
        when 'X-Accel-Redirect'

While in a working application the body is an instance of ActionDispatch::Response::RackBody which have as a member ActionDispatch::Response response, in Redmine I see there an array which doesn't respond to to_path method.

Unfortunately I've no clue what could be the reason.

#2 Updated by Jean-Philippe Lang over 3 years ago

  • Status changed from New to Confirmed

#3 Updated by Jean-Philippe Lang about 3 years ago

  • Status changed from Confirmed to Resolved
  • Assignee set to Jean-Philippe Lang
  • Target version set to 3.3.2
  • Resolution set to Fixed

The problem was caused by Rack::ContentLength. This should be fixed by r16114.
Thanks for pointing this out.

#4 Updated by Jean-Philippe Lang about 3 years ago

  • Target version changed from 3.3.2 to 3.2.5

#5 Updated by Karel Pičman about 3 years ago

I confirm that after applying your patch, everything works as expected. Thank you very much.

#6 Updated by Go MAEDA about 3 years ago

  • Category changed from Files to Attachments

#7 Updated by Jean-Philippe Lang about 3 years ago

  • Status changed from Resolved to Closed

Thanks for the feedback.

#8 Updated by Go MAEDA 3 months ago

  • Related to Defect #32785: X-Sendfile header field is not set if rack 2.1.0 is installed added

Also available in: Atom PDF