stackoom
  简体   繁体   中英

Verifying an 'if' request from inside the website

 原文  2017-12-30 01:13:02       php/ security/ laravel-5/ token

Question

I am trying to apply some protection for videos, played inside the website, from being downloaded by anything other than the player itself.

I figured out the following solution:

In view file :

@php
$token = uniqid ();
Session::put('videoToken',$token);
@endphp

<video id="my-video" class="video-js" controls preload="auto" width="800" height="450"
                           poster="{{$post->thumbnails}}" data-setup="{}">
                        <source src="{{route('videoView',['id'=> $post->id]}}?token=$token" type='video/mp4'>

                        <p class="vjs-no-js">
                            To view this video please enable JavaScript, and consider upgrading to a web browser that
                            <a href="http://videojs.com/html5-video-support/" target="_blank">supports HTML5 video</a>
                        </p>
                    </video>

videoView Route:-

Route::get('/video/{id}',function(Request $request){
if ($request->token == Session::get('videoToken'))
{
$post = Post::find($id);
return response()->download($post->path, 'vid.mp4');
}
else{
die();
}
})->name('videoView');

For the above coding , I will make sure that the video file is only generated if '$token' is verified. How can I add an extra layer to verify if a request is coming from the page where the player is, so that anybody who tries to download the video by using the URL : http://mywebsite.com/video/5?token=54syrerrerw3rre , will not be able to.

1 answers

solution1
 1  2017-12-30 01:34:57

As far as I know it is not possible because In HTTP protocol, each request is independent from the others . But I've an approach to check request is from source domain or not. Try like this, it will return true if it is from same domain else false .

function requestIsFromSameSourceDomain(){

   if ((isset($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_REFERER']))) {

     if (strtolower(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST)) != strtolower($_SERVER['HTTP_HOST'])) {
       return false;
     }else{
       return true;
   }
  }
}

As per comment of Funk Forty Niner : please have a look here How reliable is HTTP_REFERER? before using above method

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Verifying that the click came from the specific website Verifying iframe post request from other domain Verifying the values from database Verifying Salt from Database Troubles with verifying a SQL request using a PDO prepare Verifying multiple emails from array Verifying complete response from cURL Verifying if a word exist inside my content Allow login to website only if request comes from another specific website Scheduled Request to my website from an external source
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM