No $_SERVER['HTTP_REFERER'] when using LoadVars in flash

Posted on 2007-09-28
Medium Priority
Last Modified: 2012-05-05
It seems that LoadVars requests send different header information than getURL does...

In flash if I make a call to getURL, the receiving php file has $_SERVER['HTTP_REFERER'] populated
while if I use LoadVars.send, the receiving php file $_SERVER['HTTP_REFERER'] is blank

Is there a way to either use getURL transparently (not opening a new window) or LoadVars to send a request to my php script where $_SERVER['HTTP_REFERER'] will be properly populated?
Question by:rmirabelle

Author Comment

ID: 19981943
Ive found my own solution to the problem.  

The idea was to track the url of any site hosting my swf.  I figured the best place to track this data was when the swf made a request to my server to load its variables using LoadVars.  As it turns out, Adobe has documented that LoadVars does not send the 'referrer' header when making requests.

The solution is to record the host at a different time.  By replacing the name of the swf in the object/embed tags with a dynamic variable:

<embed src="myserver.php?swf=myflash.swf">

the myserver.php page can receive the incoming swf parameter and then forward to the correct swf file like so:

$swf = $_GET['swf'];
header('Location:' . $swf);

Here's the cool part, just before sending the header, I can grab the referring url like so:

$swf = $_GET['swf'];
$referrer = $_SERVER['HTTP_REFERER'];
header('Location:' . $swf);

this works because the call to myserver.php DOES include the 'referrer' header tag.

Hope this helps someone!

Accepted Solution

Computer101 earned 0 total points
ID: 20561810
PAQed with points refunded (500)

EE Admin

Expert Comment

ID: 24528353
I think I've thought of a better and easier way to handle this.  Hear me out on this.
first, use the .htaccess to limit access to the files/folder based on referer.  allow access to the file if the referer = www.mydomain.com/myflash.swf.  i realize that referer's can be tricked but lets face it, nothing is full proof at all, even streaming servers can have their streams recorded with programs like WMRecorder.

in my swf file, first i would use sendandload to contact a php script that checked the referer and if it equaled something correct then i send the subfolder and name of the flv to the SWF file.  so now the swf file has the correct url to fetch the MP4 or FLV.  so then my movie player simply loads that URL and .htaccess that is protecting the FLV and MP4 files checks to see if the referer is coming the correct location (this would be the URL that the movie was loaded from which is the same server and domain) and if so then allows access to the file!

what this does is keeps people from really knowing the URL to the file unless they are using a sniffer or something like that because the URL and file is not embedded into any html that loads the flash movie etc etc.  and even if they did know the URL to the file .htaccess wouldn't allow them to get it because the referer must be set correctly.  Again, nothing is full proof but this sounds like something that would deter 90% of people.  most people simply aren't going to go to the trouble to figure out the URL of the files and modify the referer header.


thanks again.

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These days socially coordinated efforts have turned into a critical requirement for enterprises.
This article discusses how to create an extensible mechanism for linked drop downs.
Viewers will learn how to create and use Simpler instruments in Ableton Live. Load new Simpler into an empty MIDI track: Select a sample and drop it into sample window in Simpler: If sample is not pitched at C3, adjust tuning with Transpose para…
The goal of the tutorial is to teach the user how to use the auto adjust feature and what the different options do. When your video is not working right you can choose the auto adjust feature to help choose your settings.
Suggested Courses
Course of the Month17 days, 2 hours left to enroll

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question