Verifying an 'if' request from inside the website

Question

I am trying to apply some protection for videos, played inside the website, from being downloaded by anything other than the player itself.

I figured out the following solution:

In view file :

@php
$token = uniqid ();
Session::put('videoToken',$token);
@endphp

<video id="my-video" class="video-js" controls preload="auto" width="800" height="450"
                           poster="{{$post->thumbnails}}" data-setup="{}">
                        <source src="{{route('videoView',['id'=> $post->id]}}?token=$token" type='video/mp4'>

                        <p class="vjs-no-js">
                            To view this video please enable JavaScript, and consider upgrading to a web browser that
                            <a href="http://videojs.com/html5-video-support/" target="_blank">supports HTML5 video</a>
                        </p>
                    </video>

videoView Route:-

Route::get('/video/{id}',function(Request $request){
if ($request->token == Session::get('videoToken'))
{
$post = Post::find($id);
return response()->download($post->path, 'vid.mp4');
}
else{
die();
}
})->name('videoView');

For the above coding , I will make sure that the video file is only generated if '$token' is verified. How can I add an extra layer to verify if a request is coming from the page where the player is, so that anybody who tries to download the video by using the URL : http://mywebsite.com/video/5?token=54syrerrerw3rre , will not be able to.

A l w a y s S u n n y · Answer 1 · 2017-12-30T02:32:49.813

1

As far as I know it is not possible because In HTTP protocol, each request is independent from the others. But I've an approach to check request is from source domain or not. Try like this, it will return true if it is from same domain else false.

function requestIsFromSameSourceDomain(){

   if ((isset($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_REFERER']))) {

     if (strtolower(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST)) != strtolower($_SERVER['HTTP_HOST'])) {
       return false;
     }else{
       return true;
   }
  }
}

As per comment of Funk Forty Niner : please have a look here How reliable is HTTP_REFERER? before using above method

edited Dec 30 '17 at 02:32

answered Dec 30 '17 at 01:34

A l w a y s S u n n y

36,497
8
60
103

`$_SERVER['HTTP_REFERER']` isn't reliable and here's why [How reliable is HTTP_REFERER?](https://stackoverflow.com/a/6023980/1415724) - you should edit your answer to inform them about it. Edit: I noticed the edit, great. – Funk Forty Niner Dec 30 '17 at 02:30
Thanks for the source link..@FunkFortyNiner – A l w a y s S u n n y Dec 30 '17 at 02:34

Verifying an 'if' request from inside the website

1 Answers1