1

I am showing a .stl file at my Blade view like:

var stl_viewer=new StlViewer(document.getElementById("stl_cont"), {
    auto_rotate:true,
    auto_resize: true,
    cameray: 30,
    allow_drag_and_drop:true,

    models: [ {
        id:0,
        //It can be direct link or something it doesn't matter.
        filename:"{{Storage::url($file->path)}}"
    } ]
});

HTML Code is:

<div id="stl_cont"  style="min-height: 400px;"></div>

When user inspects the page they can find the link and they can download the file directly.

I don't want this to happen.

Kirk Beard
  • 9,569
  • 12
  • 43
  • 47
furkankufrevi
  • 39
  • 10
  • Since the browser has to download the File to display it that’s not possible as asked. Does this answer your question? [Prevent HTML5 video from being downloaded (right-click saved)?](https://stackoverflow.com/questions/9756837/prevent-html5-video-from-being-downloaded-right-click-saved) – AD7six Apr 17 '22 at 08:19
  • I am looking for ways to hide the link from users. – furkankufrevi Apr 17 '22 at 13:46

1 Answers1

1

Ok, I solved my issue with base64_encode function.

First, I send the URL encrypted:

$encrypted = base64_encode($file->path);
    return view('product', compact('product','encrypted'));

Then I get data into a variable on-page javascript.

var tboe  = '{{$encrypted}}';

This variable becomes global and I get the variable from separated .js file like:

   //example
   var file = atob(tboe);

I believe this makes the user reach the file hard. I can't find another way.

furkankufrevi
  • 39
  • 10
  • base64 is not an encryption. It is a different base numbering system like binary (base 2) or hexadecimal (base 16) or decimal (base 10). I don't think anyone would ever suggest that converting a number to hex is encrypting it – apokryfos Apr 17 '22 at 21:51
  • Since I can't find any solutions to my problem I decided to go through this way. I tried Crypt::encrypt(URL) but I can't make it encrypt at javascript. – furkankufrevi Apr 17 '22 at 21:59
  • The short story is, the browser needs to read the URL for the page to work. There is no way around it. And the browser is something the client controls – apokryfos Apr 17 '22 at 22:02
  • 1
    Just look at the network tab and load the page - the url of the file is plainly visible. You either don’t load the file and do (whatever) a different way, or you do load the file directly and there is no way to stop the user from accessing the file, because they already have it. – AD7six Apr 18 '22 at 07:30
  • I decided to send the file to the free products. – furkankufrevi Apr 23 '22 at 21:12