Solved

HTTP referer header not sent when Flash requests image files from server

Posted on 2004-09-23
5
260 Views
Last Modified: 2012-06-27
HTTP referer header not sent when Flash requests image files from server:

1. Does Flash always/sometimes/never send HTTP referrer strings when it dynamically loads an image (or other files) from the server?

2. Is there a setting to change that behaviour, or is it hard-wired into flash?

3. Do Mozilla and Interner Explorer work the same way on this?

My reason for asking is because I have a dual-interface HTML / Flash site with images that I would protect from being included on other peoples' sites. I use Apache's "SetEnvIf Referer..." directive to "Allow" only requests with the referrer equalling my local site. This works fine for the HTML version of the site, but fails on the Flash version, because it appears Flash does not send the HTTP referer header.

4. Anyone got a suggestion on how to overcome that?

Cheers
JP
0
Comment
Question by:jdpipe
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 10

Expert Comment

by:muso120999
ID: 12131839
You could add a LoadVars at the start of the movie to request the referrer (using PHP os ASP to send the vars back), or other code to authorise the source.  It's a start at least.
0
 
LVL 7

Author Comment

by:jdpipe
ID: 12133030
Cheers muso - please could you explain the process as you see it? I'm the apache/php guy, more than I am the Flash guy.

Mind you, really,  I'm not actually after any tricks that require changing the flash code - it's more about what Flash does/doesn't do, if you have ever looked into it. Do you know the answer to that first question I posed?
0
 
LVL 10

Expert Comment

by:muso120999
ID: 12134162
This will need some tinkering, but hopefully this will help give you an idea of what I'm getting at.  It wont stop people decompiling your Flash, and hacking the code out though.

auth.php
<?php
   if ($HTTP_POST_VARS["auth"]=="authorisation_code") {
      $path = $HTTP_REFERER;
      echo "&okay=true&referer=$path&";
   } else {
      echo "&okay=false&";
   }
?>

and in Flash something like:

form = new LoadVars();
form.auth = "authorisation_code";
form.onLoad = function() {
      if (this.referer.indexOf("www.mywebsite.com")>0) {
            // referer okay
      } else {
            // referer not validated
      }
};
form.sendAndLoad("./auth.php", form, "POST");

0
 
LVL 10

Accepted Solution

by:
muso120999 earned 125 total points
ID: 12134218
Actually I've found a link here that's more relevant (and probably more useful) than my last post:
http://www.ozzu.com/ftopic21804.html
0
 
LVL 7

Author Comment

by:jdpipe
ID: 12134707
Hey muso, I actually found that page before posting this question. I found it all a bit inconclusive though. Maybe I should have posted on the Flash forums. If noone can come back with a more authoritative response in a couple of days then I'll cough up the points...
0

Featured Post

[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I know the transition can be hard. We got used to the ease of use ActionScript 2 had, but honestly, it became problematic later on, especially if designers were involved in the project and found it easy to add code as they saw fit. So, this artic…
Introduction This article is primarily concerned with ActionScript 3 and generally specific to AVM2.  Most suggestions would apply to ActionScript 2 as well, and I've noted those tips that differ between AS2 and AS3. With the advent of ActionS…
The goal of the tutorial is to teach the user how to how to load their YouTube profile onto Flash Media Live Encoder.
The goal of the tutorial is to teach the user how to use the auto adjust feature and what the different options do. When your video is not working right you can choose the auto adjust feature to help choose your settings.

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question