A major risk with send_file: if you pass user input directly into the path, an attacker could download sensitive files like database.yml.

Dangerous:
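The unsafe pattern and one way to confine the path before calling send_file, as an added example rather than code from the original page. resolve_download, the uploads directory and params[:filename] are assumed names, and the sample tree is constructed.

```ruby
require "pathname"
require "tmpdir"
require "fileutils"

# Unsafe pattern the paragraph warns about (Rails controller, for contrast):
#   send_file Rails.root.join("uploads", params[:filename])
# A value such as "../config/database.yml" resolves outside uploads/.

# Hypothetical helper: resolve a user-supplied name against base_dir and return
# the real path only if it is a regular file inside base_dir, otherwise nil.
def resolve_download(base_dir, user_name)
  return nil if user_name.nil? || user_name.empty? || user_name.include?("\0")

  base = Pathname.new(base_dir).realpath
  # realpath collapses ".." and follows symlinks; it raises if the file is missing.
  # An absolute user_name replaces base in join, so the prefix check still applies.
  real = base.join(user_name).realpath
  # The trailing separator keeps a sibling such as "uploads-old" from matching.
  inside = real.to_s.start_with?(base.to_s + File::SEPARATOR)
  (inside && real.file?) ? real.to_s : nil
rescue SystemCallError, ArgumentError
  nil
end

# Hardened controller use (assumed names, needs Rails):
#   path = resolve_download(Rails.root.join("uploads"), params[:filename])
#   path ? send_file(path, disposition: "attachment") : head(:not_found)

# Constructed sample tree used to exercise the helper offline.
def demo
  Dir.mktmpdir do |root|
    uploads = File.join(root, "uploads")
    FileUtils.mkdir_p([uploads, File.join(root, "config"), File.join(root, "uploads-old")])
    File.write(File.join(uploads, "report.pdf"), "%PDF-1.4")
    File.write(File.join(root, "config", "database.yml"), "password: constructed")
    File.write(File.join(root, "uploads-old", "old.pdf"), "%PDF-1.4")
    File.symlink(File.join(root, "config"), File.join(uploads, "link"))

    names = ["report.pdf", "../config/database.yml", "link/database.yml",
             "../uploads-old/old.pdf", "/etc/passwd", "missing.pdf", "."]
    names.to_h { |name| [name, !resolve_download(uploads, name).nil?] }
  end
end

puts demo if __FILE__ == $PROGRAM_NAME
```

Only report.pdf is accepted; the relative escape, the symlink leading out of uploads, the sibling directory with a shared name prefix, the absolute path and the missing file all resolve to nil.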
'attachment' (default): Forces the browser to show a "Save As" dialog.
: When set to true, it sends the file in chunks rather than loading it all into memory, which is essential for large files.

Example with options:
    send_file file_path, filename: "Report-#{Date.today}.pdf", type: "application/pdf", disposition: "attachment"

Performance: send_file vs. send_data

| | send_file | send_data |
| --- | --- | --- |
| | A path to a file on disk. | Raw binary data in memory. |
| Best For | Existing files (images, PDFs, ZIPs). | On-the-fly generated content (CSV, JSON). |
| Optimization | Can use web server optimizations like X-Sendfile. | Always handled by the Ruby process. |

Boosting Performance with X-Sendfile
In Ruby on Rails, the send_file method is the standard way to trigger a file download from the server's file system. Unlike standard rendering, it streams the file's contents to the browser, making it efficient for serving documents, exports, or media files.

How to Use send_file
'inline': Tells the browser to attempt to open the file directly (useful for PDFs or images).