Send_from_directory [best] - Flask Download File

While both can send files, for user-provided filenames. send_file send_from_directory Security None. It will send any path it's given. High. Prevents "directory traversal" attacks. Path Handling Requires a full path to the specific file. Requires a base directory and a relative filename. Use Case Internal files with hardcoded, trusted paths. Serving user-requested files from an upload folder. Security Best Practices flask.send_from_directory — Flask API

: Explicitly set the file type (e.g., 'application/pdf' ) if automatic detection fails. send_from_directory vs. send_file flask download file send_from_directory

: The specific file to retrieve from that directory. While both can send files, for user-provided filenames