LauGau LauGau - 2 days ago 3
Python Question

Django | joined path is located outside of the base path component {% static img.thumbnail.url %}, Error 400 with whitenoise

I've finish my first app in Django and works perfectly, but still have pre-deployment problems since I set DEGUG=False ...
Here is just to display an image in a template... T_T

I was using this, but now it does'nt work when I use whitenoise to serve my image localy... And it return a Bad Request(400) error...

class GalleryItem(models.Model):
thumbnail = models.ImageField(blank=True,upload_to='gallery/thumb')
img_wide = models.ImageField(blank=True,upload_to='gallery')

{% load staticfiles %}
{% for img in img_to_display %}
<a href="{{ img.img_wide.url}}" class="swipebox" title="">
<img src="{% static img.thumbnail.url %}" alt="{{ img.alt}}">
{% endfor %}

from django.conf.urls import url, include
from django.contrib import admin
from django.conf import settings
import os

from django.conf import settings
from django.conf.urls.static import static

urlpatterns = [
url(r'^gallery/', include('gallery.urls')),
url(r'^shop/', include('shop.urls')),
url(r'^events/', include('events.urls')),
url(r'^page/', include('paginator.urls')),
url(r'^news/', include('blog.urls')),
url(r'^ckeditor/', include('ckeditor_uploader.urls')),
] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)

import os
import dj_database_url

BASE_DIR = os.path.dirname(os.path.dirname(__file__))
print("BASE_DIR = ",BASE_DIR)
MEDIA_ROOT = os.path.join(BASE_DIR, 'wt/static/media/')
MEDIA_URL = '/media/'


DEBUG = False



ROOT_URLCONF = 'wt.urls'

'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [os.path.join(BASE_DIR, 'templates')],
'APP_DIRS': True,
'context_processors': [

WSGI_APPLICATION = 'wt.wsgi.application'

'default': {
'ENGINE': 'django.db.backends.postgresql',
'NAME': 'wt_db',
'USER': 'postgres',
'HOST': '',
'PORT': '5432',

'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',

USE_I18N = True
USE_L10N = True
USE_TZ = True

db_from_env = dj_database_url.config(conn_max_age=500)

ALLOWED_HOSTS = ['localhost', '',]

STATIC_ROOT = os.path.join(BASE_DIR, 'wt/staticfiles')
STATIC_URL = '/static/'

os.path.join(BASE_DIR, 'wt/static'),
os.path.join(BASE_DIR, 'wt/staticfiles'),

STATICFILES_STORAGE = 'whitenoise.django.GzipManifestStaticFilesStorage'


Here my error log :

The joined path (E:\media\gallery\thumb\lost-thumb.jpg) is located outside of the base path component (E:\dev\wt\wt\wt\staticfiles)
[15/May/2016 20:01:41] "GET /page/gallery HTTP/1.1" 400 26

Thanks a lot for helping ! :)


principal structure

project folder


I gess it was a security issue. Even if "whitenoise" is good to serve true static files in production, it can't serve media files.

I was making a structure error :

# Don't place your 'media' files IN your 'static' file like this :

MEDIA_ROOT = os.path.join(BASE_DIR, 'wt/static/media/')

MEDIA_ROOT never have to be in the "static" file of your project (even if you can make it works in some ways, it's not a good practice I think).

'MEDIA' files (in production), have to be serve out of the Django project. I've read somewhere that we have to use a CDN. And firstly I choose CloudFlare (because it's free), but it wasn't working, cause you need a subdomain/hostname to point your MEDIA_ROOT, and CloudFlare doesn't give that. Finaly I choose Amazon S3.

So, in conclusion write something like {% static img.thumbnail.url %} make no sense. Because everything uploaded via admin/user haven't to be in "static".

Use {{ img.thumbnail.url }} instead.