Solved

HTTP referer header not sent when Flash requests image files from server

Posted on 2004-09-23
5
246 Views
Last Modified: 2012-06-27
HTTP referer header not sent when Flash requests image files from server:

1. Does Flash always/sometimes/never send HTTP referrer strings when it dynamically loads an image (or other files) from the server?

2. Is there a setting to change that behaviour, or is it hard-wired into flash?

3. Do Mozilla and Interner Explorer work the same way on this?

My reason for asking is because I have a dual-interface HTML / Flash site with images that I would protect from being included on other peoples' sites. I use Apache's "SetEnvIf Referer..." directive to "Allow" only requests with the referrer equalling my local site. This works fine for the HTML version of the site, but fails on the Flash version, because it appears Flash does not send the HTTP referer header.

4. Anyone got a suggestion on how to overcome that?

Cheers
JP
0
Comment
Question by:jdpipe
  • 3
  • 2
5 Comments
 
LVL 10

Expert Comment

by:muso120999
Comment Utility
You could add a LoadVars at the start of the movie to request the referrer (using PHP os ASP to send the vars back), or other code to authorise the source.  It's a start at least.
0
 
LVL 7

Author Comment

by:jdpipe
Comment Utility
Cheers muso - please could you explain the process as you see it? I'm the apache/php guy, more than I am the Flash guy.

Mind you, really,  I'm not actually after any tricks that require changing the flash code - it's more about what Flash does/doesn't do, if you have ever looked into it. Do you know the answer to that first question I posed?
0
 
LVL 10

Expert Comment

by:muso120999
Comment Utility
This will need some tinkering, but hopefully this will help give you an idea of what I'm getting at.  It wont stop people decompiling your Flash, and hacking the code out though.

auth.php
<?php
   if ($HTTP_POST_VARS["auth"]=="authorisation_code") {
      $path = $HTTP_REFERER;
      echo "&okay=true&referer=$path&";
   } else {
      echo "&okay=false&";
   }
?>

and in Flash something like:

form = new LoadVars();
form.auth = "authorisation_code";
form.onLoad = function() {
      if (this.referer.indexOf("www.mywebsite.com")>0) {
            // referer okay
      } else {
            // referer not validated
      }
};
form.sendAndLoad("./auth.php", form, "POST");

0
 
LVL 10

Accepted Solution

by:
muso120999 earned 125 total points
Comment Utility
Actually I've found a link here that's more relevant (and probably more useful) than my last post:
http://www.ozzu.com/ftopic21804.html
0
 
LVL 7

Author Comment

by:jdpipe
Comment Utility
Hey muso, I actually found that page before posting this question. I found it all a bit inconclusive though. Maybe I should have posted on the Flash forums. If noone can come back with a more authoritative response in a couple of days then I'll cough up the points...
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

This is intended to introduce all collision detection principles in flash, their strengths, weaknesses and workarounds. The main method for Collision Detection in flash is using hitTestObject. But unless you'll be pushing rectangular shapes without …
I come across a lot of question about how to access things in the document class from a movieclip, or accessing something from a movieclip in the document class. It took me a while to figure this out but once I did it makes life so much easier. …
The goal of the tutorial is to teach the user how to how to record live broadcast.
The goal of the tutorial is to teach the user what frame rate is, how to control it and what effect it has on the video.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now