Using WhiteNoise with any WSGI application¶
These instructions apply to any WSGI application. However, for Django applications you would be better off using the DjangoWhiteNoise class which makes integration easier.
To enable WhiteNoise you need to wrap your existing WSGI application in a WhiteNoise instance and tell it where to find your static files. For example:
from whitenoise import WhiteNoise from my_project import MyWSGIApp application = MyWSGIApp() application = WhiteNoise(application, root='/path/to/static/files') application.add_files('/path/to/more/static/files', prefix='more-files/')
On initialization, WhiteNoise walks over all the files in the directories that have been added (descending into sub-directories) and builds a list of available static files. Any requests which match a static file get served by WhiteNoise, all others are passed through to the original WSGI application.
WhiteNoise(application, root=None, prefix=None, **kwargs)¶
- application (callable) – Original WSGI application
- root (str) – If set, passed to
- prefix (str) – If set, passed to
- **kwargs – Sets configuration attributes for this instance
add_files(root, prefix=None, followlinks=False)¶
- root (str) – Absolute path to a directory of static files to be served
- prefix (str) – If set, the URL prefix under which the files will be served. Trailing slashes are automatically added.
- followlinks (bool) – Whether to follow directory symlinks when walking the directory tree to find files. Note that symlinks to files will always work.
When WhiteNoise builds its list of available files it checks for corresponding
files with a
.gz and a
.br suffix (e.g.,
scripts/app.js.br). If it finds them, it will
assume that they are (respectively) gzip and brotli compressed versions of the
original file and it will serve them in preference to the uncompressed version
where clients indicate that they that compression format (see note on Amazon S3
for why this behaviour is important).
WhiteNoise comes with a command line utility which will generate compressed versions of your files for you. Note that in order for brotli compression to work the brotlipy Python package must be installed.
Usage is simple:
$ python -m whitenoise.compress --help usage: compress.py [-h] [-q] [--no-gzip] [--no-brotli] root [extensions [extensions ...]] Search for all files inside <root> *not* matching <extensions> and produce compressed versions with '.gz' and '.br' suffixes (as long as this results in a smaller file) positional arguments: root Path root from which to search for files extensions File extensions to exclude from compression (default: jpg, jpeg, png, gif, webp, zip, gz, tgz, bz2, tbz, swf, flv, woff, woff2) optional arguments: -h, --help show this help message and exit -q, --quiet Don't produce log output --no-gzip Don't produce gzip '.gz' files --no-brotli Don't produce brotli '.br' files
You can either run this during development and commit your compressed files to your repository, or you can run this as part of your build and deploy processes. (Note that DjangoWhiteNoise handles this automatically, if you’re using the custom storage backend.)
By default, WhiteNoise sets a max-age header on all responses it sends. You can
configure this by passing a
max_age keyword argument.
Most modern static asset build systems create uniquely named versions of each file. This results in files which are immutable (i.e., they can never change their contents) and can therefore by cached indefinitely. In order to take advantage of this, WhiteNoise needs to know which files are immutable. This can be done by sub-classing WhiteNoise and overriding the following method:
def is_immutable_file(self, static_file, url): return False
The exact details of how you implement this method will depend on your particular asset build system (see the source for DjangoWhiteNoise for inspiration).
Once you have implemented this, any files which are flagged as immutable will have ‘cache forever’ headers set.
Using a Content Distribution Network¶
See the instructions for using a CDN with Django . The same principles apply here although obviously the exact method for generating the URLs for your static files will depend on the libraries you’re using.
Redirecting to HTTPS¶
WhiteNoise does not handle redirection itself, but works well alongside
wsgi-sslify, which performs HTTP to HTTPS redirection as well as optionally
setting an HSTS header. Simply wrap the WhiteNoise WSGI application with
sslify() - see the wsgi-sslify documentation for more details.
These can be set by passing keyword arguments to the constructor, or by sub-classing WhiteNoise and setting the attributes directly.
Recheck the filesystem to see if any files have changed before responding. This is designed to be used in development where it can be convenient to pick up changes to static files without restarting the server. For both performance and security reasons, this setting should not be used in production.
Time (in seconds) for which browsers and proxies should cache files.
The default is chosen to be short enough not to cause problems with stale versions but long enough that, if you’re running WhiteNoise behind a CDN, the CDN will still take the majority of the strain during times of heavy load.
A dictionary mapping file extensions (lowercase) to the mimetype for that extension. For example:
Note that WhiteNoise ships with its own default set of mimetypes and does not use the system-supplied ones (e.g.
/etc/mime.types). This ensures that it behaves consistently regardless of the environment in which it’s run. View the defaults in the media_types.py file.
In addition to file extensions, mimetypes can be specified by supplying the entire filename, for example:
Charset to add as part of the
Content-Typeheader for all files whose mimetype allows a charset.
Toggles whether to send an
Access-Control-Allow-Origin: *header for all static files.
This allows cross-origin requests for static files which means your static files will continue to work as expected even if they are served via a CDN and therefore on a different domain. Without this your static files will mostly work, but you may have problems with fonts loading in Firefox, or accessing images in canvas elements, or other mysterious things.
The W3C explicitly state that this behaviour is safe for publicly accessible files.
Reference to a function which is passed the headers object for each static file, allowing it to modify them.
def force_download_pdfs(headers, path, url): if path.endswith('.pdf'): headers['Content-Disposition'] = 'attachment' application = WhiteNoise(application, add_headers_function=force_download_pdfs)
The function is passed:
- A wsgiref.headers instance (which you can treat just as a dict) containing the headers for the current file
- The absolute path to the local file
- The host-relative URL of the file e.g.
The function should not return anything; changes should be made by modifying the headers dictionary directly.