Solved

HTTP referer header not sent when Flash requests image files from server

Posted on 2004-09-23
5
247 Views
Last Modified: 2012-06-27
HTTP referer header not sent when Flash requests image files from server:

1. Does Flash always/sometimes/never send HTTP referrer strings when it dynamically loads an image (or other files) from the server?

2. Is there a setting to change that behaviour, or is it hard-wired into flash?

3. Do Mozilla and Interner Explorer work the same way on this?

My reason for asking is because I have a dual-interface HTML / Flash site with images that I would protect from being included on other peoples' sites. I use Apache's "SetEnvIf Referer..." directive to "Allow" only requests with the referrer equalling my local site. This works fine for the HTML version of the site, but fails on the Flash version, because it appears Flash does not send the HTTP referer header.

4. Anyone got a suggestion on how to overcome that?

Cheers
JP
0
Comment
Question by:jdpipe
  • 3
  • 2
5 Comments
 
LVL 10

Expert Comment

by:muso120999
ID: 12131839
You could add a LoadVars at the start of the movie to request the referrer (using PHP os ASP to send the vars back), or other code to authorise the source.  It's a start at least.
0
 
LVL 7

Author Comment

by:jdpipe
ID: 12133030
Cheers muso - please could you explain the process as you see it? I'm the apache/php guy, more than I am the Flash guy.

Mind you, really,  I'm not actually after any tricks that require changing the flash code - it's more about what Flash does/doesn't do, if you have ever looked into it. Do you know the answer to that first question I posed?
0
 
LVL 10

Expert Comment

by:muso120999
ID: 12134162
This will need some tinkering, but hopefully this will help give you an idea of what I'm getting at.  It wont stop people decompiling your Flash, and hacking the code out though.

auth.php
<?php
   if ($HTTP_POST_VARS["auth"]=="authorisation_code") {
      $path = $HTTP_REFERER;
      echo "&okay=true&referer=$path&";
   } else {
      echo "&okay=false&";
   }
?>

and in Flash something like:

form = new LoadVars();
form.auth = "authorisation_code";
form.onLoad = function() {
      if (this.referer.indexOf("www.mywebsite.com")>0) {
            // referer okay
      } else {
            // referer not validated
      }
};
form.sendAndLoad("./auth.php", form, "POST");

0
 
LVL 10

Accepted Solution

by:
muso120999 earned 125 total points
ID: 12134218
Actually I've found a link here that's more relevant (and probably more useful) than my last post:
http://www.ozzu.com/ftopic21804.html
0
 
LVL 7

Author Comment

by:jdpipe
ID: 12134707
Hey muso, I actually found that page before posting this question. I found it all a bit inconclusive though. Maybe I should have posted on the Flash forums. If noone can come back with a more authoritative response in a couple of days then I'll cough up the points...
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SWF won't scale? 4 520
YouTube video issue 28 110
What is needed to center a flash image to the center of the page? 4 97
Play RTMP without Flash 3 409
This is intended to introduce all collision detection principles in flash, their strengths, weaknesses and workarounds. The main method for Collision Detection in flash is using hitTestObject. But unless you'll be pushing rectangular shapes without …
There are times in your Flash CS4 application when you want more than a simple pointer or a hand, and it's hard to find an ideal walk-through to tell you what to do.  I spent a few days recently learning my way around making custom cursors in Flash,…
In this tutorial viewers will learn how to create a basic motion tween animation in Flash Open a new document in Flash: Draw/import an image: Press CTRL + F8 to convert it into a graphic symbol: Select a frame (how long you want the tween to last): …
The goal of the tutorial is to teach the user how to select which audio input to use. Once you have an audio input plugged into the laptop or computer, you will go into the audio input settings and choose which audio input you want to use.

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now