2

I am a beginner in Python. I am currently building an online video study website like Udemy and Treehouse using Flask. The little issue is that the videos on the site can be downloaded by viewing or inspecting the source code. Browsers with video download extensions (Firefox, Chrome, etc.) can easily download videos when the video page loads. The HTML and Python code is shown below:

```html
<video id="videoElementID" width="100%" oncontextmenu="return false;" controlsList="nodownload" controls>
  <source src="{{ videoclip }}" id="video" type="video/mp4">
</video>
```

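```python
from flask import abort, render_template, url_for
from flask_login import current_user, login_required

# `posts` (the blueprint) and the Post, C and V models come from the asker's application.
@posts.route("/<int:post_id>/<int:chapters_id>/<int:video_id>", methods=['GET', 'POST'])
@login_required
def view_videos(post_id, chapters_id, video_id):
    posts = Post.query.get_or_404(post_id)
    if posts.author != current_user:
        abort(403)
    chapters = C.query.get_or_404(chapters_id)
    videos = V.query.get_or_404(video_id)
    # The clip is referenced by its direct static URL, which is what shows up in the page source.
    videoclip = url_for('static', filename='stylesheets/v_uploads/' + posts.author.username + '/' + posts.course_name + '/' + videos.video_file)
    return render_template('video.html', title="view video: ", videoclip=videoclip, posts=posts, chapters=chapters, videos=videos)
```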

This is what I want:

  1. to prevent browsers with file download extension from downloading the videos on the site
  2. to hide the video url from the source code maybe by encrypting the path or the filename or the video itself
  3. or more...

I have tried .htaccess but I think it only works with PHP. I tried to encrypt the code but I couldn't do it successfully. I have checked Stack Overflow questions, but wasn't successful. I know it's impossible to completely stop viewers from downloading but I just want to make it harder to download. Please, I really need you guys to help me out. Thanks

refugehome

2 Answers

1

I don't think the problem comes from the Flask side, but from the frontend side. So you might check if this is possible through JavaScript. I quickly looked into it and saw the question below:

I think you are facing a problem related to the one mentioned in this article: Prevent HTML5 video from being downloaded (right-click saved)?

Hayden Eastwood
larek_aks
  • I have seen the post. `CSRF` tokens were the best option, I think, but I am having issues using them. I have already disabled the right click. But the URL is still easily visible in the source code – refugehome Apr 25 '20 at 11:56
0

You have a couple of options here to make it more difficult, in order of difficulty:

  1. You absolutely can use .htaccess (it is a web server feature--nothing to do with PHP) to require the referrer to be your site. Don't allow access to the video file if the referrer doesn't contain your site. (See here for how to do this in Apache or Nginx)
  2. Use the canvas technique described here
  3. HTTP live streaming (For example with Nginx)
  4. Use CSRF tokens
NickB
  • Thanks for your quick reply. I think why the .htaccess is not working for me is because I am running the site on my local machine. CSRF token is definitely a good option. Still trying to read through the documentation to understand how to encrypt the filename obtained from the database and use it to display the video properly – refugehome Apr 25 '20 at 12:15
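An added example (not part of the original answers and not the asker's code) of the server-side check behind options 1 and 4 above: the video request is served only when the Referer host matches the site and the request carries an unexpired token bound to one user and one video. `SECRET`, `ALLOWED_HOST` and the function names are hypothetical, and the HMAC-signed expiring token is a stand-in chosen here for the "token" idea, since the thread does not say how the token should be built.

```python
import hashlib
import hmac
import time
from urllib.parse import urlparse

SECRET = b"constructed-demo-secret"  # constructed value; load from app config in practice
ALLOWED_HOST = "courses.example"     # hypothetical host name of the site


def make_video_token(user_id, video_id, ttl=300, now=None):
    """Return 'expiry.signature' binding one user to one video for ttl seconds."""
    expires = int((now if now is not None else time.time()) + ttl)
    msg = f"{user_id}:{video_id}:{expires}".encode()
    sig = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    return f"{expires}.{sig}"


def may_serve_video(token, user_id, video_id, referer, now=None):
    """Gate to call on the server before streaming the file to the client."""
    now = now if now is not None else time.time()
    try:
        host = urlparse(referer or "").hostname
        expires_str, sig = token.split(".", 1)
        expires = int(expires_str)
    except (AttributeError, ValueError):
        return False  # missing or malformed token, or unparseable Referer
    # Referer check (option 1): the header is client-supplied, so it only stops
    # casual hotlinking and is not sufficient on its own.
    if host != ALLOWED_HOST:
        return False
    msg = f"{user_id}:{video_id}:{expires}".encode()
    expected = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    # Constant-time comparison, then expiry: a copied URL stops working after
    # ttl seconds and never works for another account or another video.
    return hmac.compare_digest(sig.encode(), expected.encode()) and now <= expires
```

In a Flask app this would sit behind a `@login_required` route that the `<source src>` points to instead of a `static` URL, with `user_id` taken from the session rather than from the request. It raises the effort needed to reuse a link; a logged-in viewer can still capture the stream while the token is valid.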