No $_SERVER['HTTP_REFERER'] when using LoadVars in flash

Posted on 2007-09-28
Last Modified: 2012-05-05
It seems that LoadVars requests send different header information than getURL does...

In flash if I make a call to getURL, the receiving php file has $_SERVER['HTTP_REFERER'] populated
while if I use LoadVars.send, the receiving php file $_SERVER['HTTP_REFERER'] is blank

Is there a way to either use getURL transparently (not opening a new window) or LoadVars to send a request to my php script where $_SERVER['HTTP_REFERER'] will be properly populated?
Question by:rmirabelle
    LVL 1

    Author Comment

    Ive found my own solution to the problem.  

    The idea was to track the url of any site hosting my swf.  I figured the best place to track this data was when the swf made a request to my server to load its variables using LoadVars.  As it turns out, Adobe has documented that LoadVars does not send the 'referrer' header when making requests.

    The solution is to record the host at a different time.  By replacing the name of the swf in the object/embed tags with a dynamic variable:

    <embed src="myserver.php?swf=myflash.swf">

    the myserver.php page can receive the incoming swf parameter and then forward to the correct swf file like so:

    $swf = $_GET['swf'];
    header('Location:' . $swf);

    Here's the cool part, just before sending the header, I can grab the referring url like so:

    $swf = $_GET['swf'];
    $referrer = $_SERVER['HTTP_REFERER'];
    header('Location:' . $swf);

    this works because the call to myserver.php DOES include the 'referrer' header tag.

    Hope this helps someone!
    LVL 1

    Accepted Solution

    PAQed with points refunded (500)

    EE Admin

    Expert Comment

    I think I've thought of a better and easier way to handle this.  Hear me out on this.
    first, use the .htaccess to limit access to the files/folder based on referer.  allow access to the file if the referer =  i realize that referer's can be tricked but lets face it, nothing is full proof at all, even streaming servers can have their streams recorded with programs like WMRecorder.

    in my swf file, first i would use sendandload to contact a php script that checked the referer and if it equaled something correct then i send the subfolder and name of the flv to the SWF file.  so now the swf file has the correct url to fetch the MP4 or FLV.  so then my movie player simply loads that URL and .htaccess that is protecting the FLV and MP4 files checks to see if the referer is coming the correct location (this would be the URL that the movie was loaded from which is the same server and domain) and if so then allows access to the file!

    what this does is keeps people from really knowing the URL to the file unless they are using a sniffer or something like that because the URL and file is not embedded into any html that loads the flash movie etc etc.  and even if they did know the URL to the file .htaccess wouldn't allow them to get it because the referer must be set correctly.  Again, nothing is full proof but this sounds like something that would deter 90% of people.  most people simply aren't going to go to the trouble to figure out the URL of the files and modify the referer header.


    thanks again.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
    I have a Synology DS212+ NAS.  These are not only great for backup and normal NAS stuff, but also for delivering media throughout your home or LAN via DLNA.  I copied my whole audio collection from iTunes over to the box, but couldn't figure out how…
    Viewers will learn how to turn a Live Set into a compressed Live Pack file, and how to install Live Packs. Make: File > Collect All And Save: File > Manage Files: Click Manage Project: Click Create Pack: Select save location: Install: Doub…
    Viewers will learn how to use LFOs to modulate the sound of their Sampler instruments. Click the Modulation tab in Sampler: Choose one (or more) of the three available LFOs, and click the respective button to turn it on: Select a waveform, an LF…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now