0

In our app, we allow people to embed videos using iframe or script tags. But we dont want to allow the people watching the video to easily copy these embed codes and post them elsewhere.

For iframes - what we've done is, in the iframe tag, we replace the src attribute's value with a proxy URL we have setup inside our application which simply redirects to the actual src URL. Besides this, it also does the authentication at this stage.

Clever people will surely be able to crack this, but this seems like a good solution for most cases since when they try to inspect the dom they only see the proxy URL and not the actual one.

For < script/> - I tried doing the same, but did not work out. Eg. -

<div id="wowza_player"><script src='//player.cloud.wowza.com/hosted/abcdefg/wowza.js' type='text/javascript'></script></div>

Is there anyway to obfuscate or prevent abuse of these embed codes?

Thanks!

Steve Robinson
  • 3,759
  • 3
  • 36
  • 57

1 Answers1

0

In case of iFrame, it can be possible to verify the domain that "call" the iframe using the referer. See How to limit display of iframe from an external site to specific domains only

Community
  • 1
  • 1
aprovent
  • 941
  • 6
  • 20
  • Actually, I dont control the iframe's source application. It might be YouTube, Vimeo etc. So, there's no way for me to restrict those iframes from rendering in certain domains only :) – Steve Robinson Dec 11 '15 at 11:44