HTTP referer header not sent when Flash requests image files from server

Posted on 2004-09-23
Medium Priority
Last Modified: 2012-06-27
HTTP referer header not sent when Flash requests image files from server:

1. Does Flash always/sometimes/never send HTTP referrer strings when it dynamically loads an image (or other files) from the server?

2. Is there a setting to change that behaviour, or is it hard-wired into flash?

3. Do Mozilla and Interner Explorer work the same way on this?

My reason for asking is because I have a dual-interface HTML / Flash site with images that I would protect from being included on other peoples' sites. I use Apache's "SetEnvIf Referer..." directive to "Allow" only requests with the referrer equalling my local site. This works fine for the HTML version of the site, but fails on the Flash version, because it appears Flash does not send the HTTP referer header.

4. Anyone got a suggestion on how to overcome that?

Question by:jdpipe
  • 3
  • 2
LVL 10

Expert Comment

ID: 12131839
You could add a LoadVars at the start of the movie to request the referrer (using PHP os ASP to send the vars back), or other code to authorise the source.  It's a start at least.

Author Comment

ID: 12133030
Cheers muso - please could you explain the process as you see it? I'm the apache/php guy, more than I am the Flash guy.

Mind you, really,  I'm not actually after any tricks that require changing the flash code - it's more about what Flash does/doesn't do, if you have ever looked into it. Do you know the answer to that first question I posed?
LVL 10

Expert Comment

ID: 12134162
This will need some tinkering, but hopefully this will help give you an idea of what I'm getting at.  It wont stop people decompiling your Flash, and hacking the code out though.

   if ($HTTP_POST_VARS["auth"]=="authorisation_code") {
      $path = $HTTP_REFERER;
      echo "&okay=true&referer=$path&";
   } else {
      echo "&okay=false&";

and in Flash something like:

form = new LoadVars();
form.auth = "authorisation_code";
form.onLoad = function() {
      if (this.referer.indexOf("www.mywebsite.com")>0) {
            // referer okay
      } else {
            // referer not validated
form.sendAndLoad("./auth.php", form, "POST");

LVL 10

Accepted Solution

muso120999 earned 375 total points
ID: 12134218
Actually I've found a link here that's more relevant (and probably more useful) than my last post:

Author Comment

ID: 12134707
Hey muso, I actually found that page before posting this question. I found it all a bit inconclusive though. Maybe I should have posted on the Flash forums. If noone can come back with a more authoritative response in a couple of days then I'll cough up the points...

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

This is a very simple example to help those of you who are still migrating from AS2 to AS3 understand the redesigned event model in AS3. In AS2.0, event functions (that is, the function to be performed when an event is fired) were stored as a pro…
I have been doing hardcore actionscripting for some time; and needless to say I have faced a lot of problems in just understanding others' code rather than understanding what the code executes. A programmer's life can become hell when there are a lo…
In this tutorial viewers will learn how to create a basic shape tween animation in Flash including shape hints for smooth animation Open a new document in Flash: Draw a shape: Select another frame (how long you want the tween to be): Right click and…
The goal of the tutorial is to teach the user how to how to record live broadcast.

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question