vendredi 29 décembre 2017

Verifying if request from inside website

I am trying apply some protection for videos played inside website from being downloaded by other than the player itself.

I figured out the following solution to do

In view file :

@php
$token = uniqid ();
Session::put('videoToken',$token);
@endphp

<video id="my-video" class="video-js" controls preload="auto" width="800" height="450"
                           poster="" data-setup="{}">
                        <source src="?token=$token" type='video/mp4'>

                        <p class="vjs-no-js">
                            To view this video please enable JavaScript, and consider upgrading to a web browser that
                            <a href="http://ift.tt/1n3ZgSJ" target="_blank">supports HTML5 video</a>
                        </p>
                    </video>

videoView Route:-

Route::get('/video/{id}',function(Request $request){
if ($request->token == Session::get('videoToken'))
{
$post = Post::find($id);
return response()->download($post->path, 'vid.mp4');
}
else{
die();
}
})->name('videoView');

Well, for the above coding , i will make sure that the video file is only generated if $token verified , how can i add extra layer to verify if request is coming from the page where player is, so any one if try to access that video by using the URL : http://ift.tt/2zNqryE , it wont work.



via Chebli Mohamed

Aucun commentaire:

Enregistrer un commentaire