Solved

HTTP referer header not sent when Flash requests image files from server

Posted on 2004-09-23
5
257 Views
Last Modified: 2012-06-27
HTTP referer header not sent when Flash requests image files from server:

1. Does Flash always/sometimes/never send HTTP referrer strings when it dynamically loads an image (or other files) from the server?

2. Is there a setting to change that behaviour, or is it hard-wired into flash?

3. Do Mozilla and Interner Explorer work the same way on this?

My reason for asking is because I have a dual-interface HTML / Flash site with images that I would protect from being included on other peoples' sites. I use Apache's "SetEnvIf Referer..." directive to "Allow" only requests with the referrer equalling my local site. This works fine for the HTML version of the site, but fails on the Flash version, because it appears Flash does not send the HTTP referer header.

4. Anyone got a suggestion on how to overcome that?

Cheers
JP
0
Comment
Question by:jdpipe
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 10

Expert Comment

by:muso120999
ID: 12131839
You could add a LoadVars at the start of the movie to request the referrer (using PHP os ASP to send the vars back), or other code to authorise the source.  It's a start at least.
0
 
LVL 7

Author Comment

by:jdpipe
ID: 12133030
Cheers muso - please could you explain the process as you see it? I'm the apache/php guy, more than I am the Flash guy.

Mind you, really,  I'm not actually after any tricks that require changing the flash code - it's more about what Flash does/doesn't do, if you have ever looked into it. Do you know the answer to that first question I posed?
0
 
LVL 10

Expert Comment

by:muso120999
ID: 12134162
This will need some tinkering, but hopefully this will help give you an idea of what I'm getting at.  It wont stop people decompiling your Flash, and hacking the code out though.

auth.php
<?php
   if ($HTTP_POST_VARS["auth"]=="authorisation_code") {
      $path = $HTTP_REFERER;
      echo "&okay=true&referer=$path&";
   } else {
      echo "&okay=false&";
   }
?>

and in Flash something like:

form = new LoadVars();
form.auth = "authorisation_code";
form.onLoad = function() {
      if (this.referer.indexOf("www.mywebsite.com")>0) {
            // referer okay
      } else {
            // referer not validated
      }
};
form.sendAndLoad("./auth.php", form, "POST");

0
 
LVL 10

Accepted Solution

by:
muso120999 earned 125 total points
ID: 12134218
Actually I've found a link here that's more relevant (and probably more useful) than my last post:
http://www.ozzu.com/ftopic21804.html
0
 
LVL 7

Author Comment

by:jdpipe
ID: 12134707
Hey muso, I actually found that page before posting this question. I found it all a bit inconclusive though. Maybe I should have posted on the Flash forums. If noone can come back with a more authoritative response in a couple of days then I'll cough up the points...
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I know the transition can be hard. We got used to the ease of use ActionScript 2 had, but honestly, it became problematic later on, especially if designers were involved in the project and found it easy to add code as they saw fit. So, this artic…
I have been doing hardcore actionscripting for some time; and needless to say I have faced a lot of problems in just understanding others' code rather than understanding what the code executes. A programmer's life can become hell when there are a lo…
The goal of the tutorial is to teach the user how to set there setting in Adobe Flash Media Live Encoder and YouTube for optimal video and audio quality.
The goal of the tutorial is to teach the user how to select the video input device. Make sure you have an input device that in connected and work and recognized by Adobe Flash Media Live Encoder and select it in the “video input” menu.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question