We would like to make it difficult for users to download the video locally after making it possible to view the video with the HTML5 video tag.Instead of using streaming protocols such as HLS and RTMP, we assume that the source tag is the URL of the mp4 video.
If you are not a user with a certain level of knowledge and motivation, you will not download it.By the way, the server is built with rails, but the code can be in any language.
I have come up with the following methods.
$('video').contextmenu(function(){
return false;
});
Restrict the reference to the URL of the video viewing page only.
Give a token to the URL and set an expiration date.(I tried to set up a one-time token, but I gave up because browsers such as Chrome had to send requests multiple times with a Range header.)
Obfuscate the source code to make it difficult to understand what kind of characters are in the video URL in the source tag above. (I think it doesn't make much sense to see the video URL if you look at Chrome's developer tools.)
Limit the referrals to the URL of the video viewing page only.
A token is given to the URL and an expiration date is set.(I tried to set up a one-time token, but I gave up because browsers such as Chrome had to send requests multiple times with a Range header.)
Obfuscate the source code to make it difficult to understand what kind of characters are in the video URL in the source tag above. (I think it doesn't make much sense to see the video URL if you look at Chrome's developer tools.)
Is there any other way to increase the download hurdle?We ask for your help.
javascript ruby-on-rails html5 video mp4
I think it's common to give a token to the URL and set an expiration date.
As long as MP4 can be played using video elements, downloading cannot be fundamentally disabled, but
comes to mind.and so on, but they're all bad footprints.
For your information, this is a sample on the server side php so that it will not be downloaded without permission.
あらかじめ When you log in a cookie in advance, it is necessary to set it according to the operating conditions
This is a sample to verify operation. You need to consider and add restrictions.
Calling
<video src="hoge.php?f=sample.mp4">/video>
hoge.php
// setcookie("test", time(), time()); // Set when logged in, etc.
// I will not print the error this time because it will reveal my hand.
$file=';
$path='/test/files/';
if(!isset($_COOKIE["test"])) exit;
$check=intval($_COOKIE["test"])+(60*60*2);
if($check<time()) exit;
if(!isset($_GET['f'])){
exit;
} else {
if(count($_GET)>1)exit;//Exit if extra parameters are present (if present)
$file=$_GET['f'];
if($file==')exit;
}
if(file_exists($path.$file)){// Verify file exists
// This time, only minimal headers should be output and added if necessary.
// header('Content-Description: File Transfer');
// header('Content-Type: application/octet-stream');
header('Content-Type:video/mp4'); // Change to video format in a timely manner
// header('Content-Disposition: attachment; filename='.basename($file));
// header('Content-Transfer-Encoding:binary');
// header('Expires:0');
// header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
// header('Pragma:public');
header('Content-Length:'.filesize($path.$file));
ob_clean();
flush();
readfile($path.$file);
exit;
}
exit;
© 2024 OneMinuteCode. All rights reserved.