RejectedSoftware Forums

Sign up

Prevent Hotlinking?

I would like to be able to prevent someone from hotlinking to my images. The general solution, which I want to implement, is a check for my own domain in the Referer header.

I saw preWriteCallback() as a handler that can be attached to serveStaticFiles(), but it's not clear if this has the ability to block the file contents from being sent, and there's no usage documentation.

Any tips?

Re: Prevent Hotlinking?

On Sun, 08 Feb 2015 17:48:19 GMT, Chris Williams wrote:

I would like to be able to prevent someone from hotlinking to my images. The general solution, which I want to implement, is a check for my own domain in the Referer header.

I saw preWriteCallback() as a handler that can be attached to serveStaticFiles(), but it's not clear if this has the ability to block the file contents from being sent, and there's no usage documentation.

Any tips?

Quick solution would be to add a handler roughly like this one:

router.get("*.jpg", (req, res) { enforceHTTP(req.headers["Referer"] == "http://url.com"); }

If you don't write to the body, the router moves on to the next handler, in the same order they were added, so taking advantage of this allows you to make that request fail prior to serving the page.

Re: Prevent Hotlinking?

Looks like asterisk is only allowed at the end.

You might want to make it router.get("*", &failHandler); and implement a regex check in your fail handler

(req, res) { enforceHTTP(regex.match("/.jpg/") ...