by Meph504 1670 days ago
You could also just do like we did for years and check the referer for the image request, and if it wasn't your web server you redirect the file to whatever you want; the end user has no way of knowing. And because the trick is done on the server side, viewing your source won't get around it.

This is the same method used to prevent hot linking to images back in the day.

1 comments

Modern browsers suppress the referrer. Relying on it for functionality is not a good idea.
Fair point, you can accomplish the same by comparing the IP address that the image request came from against your servers.
Wouldn't that just mean comparing the user's public address? It is the browser that is trying to download the image from your servers.
The shortest route, yes, but I'd rather do a whitelist check, because depending on your infra, there might be a lot more things that make requests for the content.

But the concept is the same: server side, check the IP of the request, and take action based on that check.
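
An added example, not part of any comment in the thread: a server-side hotlink decision that combines the Referer check with an IP allowlist and makes the missing-Referer case raised above an explicit policy. The host names, networks and the function names `referer_verdict`, `ip_allowed` and `decide` are assumptions for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed site hosts and allowlisted networks (constructed values).
OWN_HOSTS = {"example.com", "www.example.com"}
ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                ipaddress.ip_network("192.0.2.10/32")]


def referer_verdict(referer):
    """Classify a Referer header value as 'own', 'foreign' or 'absent'."""
    if not referer:
        return "absent"  # suppressed by the browser or a referrer policy
    try:
        host = urlsplit(referer).hostname
    except ValueError:
        return "foreign"  # malformed value, do not trust it
    # Exact host match: a substring test would accept example.com.evil.test.
    return "own" if host in OWN_HOSTS else "foreign"


def ip_allowed(remote_addr):
    """True if the connecting address is inside an allowlisted network."""
    try:
        ip = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    return any(ip in net for net in ALLOWED_NETS)


def decide(referer, remote_addr, absent_policy="serve"):
    """Return 'serve' or 'placeholder' for an image request.

    remote_addr is the address of whoever connected. For a page view that
    is the visitor's browser, not the embedding site, so the allowlist only
    covers your own infrastructure (proxies, renderers, monitoring).
    """
    if ip_allowed(remote_addr):
        return "serve"
    verdict = referer_verdict(referer)
    if verdict == "own":
        return "serve"
    if verdict == "foreign":
        return "placeholder"
    # No Referer at all: the header cannot decide, so the policy must.
    return "serve" if absent_policy == "serve" else "placeholder"
```

With `absent_policy="placeholder"`, visitors whose browsers strip the header get the placeholder even on your own pages, which is the functional risk of relying on the Referer.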