-4

Due to hotlink protection I'm having difficulty displaying images. The HTTP request sent in order to obtain the images contains a non-empty Referer header. This causes the hotlink protection to kick in.

Using a referer control tool, I can block the referer, which bypasses hotlink protection. However, now I want to do this in PHP/HTML/JavaScript code. I found information that it is possible, but I don't fully understand how to implement it.

Can someone give me a hand? Thanks in advance!

FYI: I have permission of the website to do the hotlinking, as it's for an Android app. However they cannot provide me with an API.

Eztys
  • I have permission of the website to do the hotlinking, as it's for an Android app. However they cannot provide me with an API. – Eztys Feb 01 '15 at 17:47
  • 1
    A referrer control tool is a browser plugin / extension which obscures your client IP origin. As far as I know, to do something like this with your web server, you would need to connect it to a VPN or something – DrewT Feb 01 '15 at 17:49
  • If this is specifically for an app and not for a mobile site, then you can send a special header to the remote host, who can remove their referrer protection for images where the header is received. Would they be willing to implement that on their side? If they use Apache, I expect some `mod_rewrite` rules will do this. – halfer Feb 01 '15 at 18:15

2 Answers

0

There is no way to forge the referer header from a browser request, not even via a call made from JavaScript.

2022 UPDATE: As pointed out in the comments, and other answer, this is now possible (except on IE and other really old browsers).

You could set up a proxy server that forges the Referer header. You then need to have your Android app point to your own server to get all the images. You can do this from PHP, using the curl functions (or even directly via the socket API).

Note: if the purpose was to actually hotlink then this saves nothing, as you end up serving all the images. And it adds another moving part that could break. If your image supplier cannot give you a better solution, find another provider?

Darren Cook
  • I think you are right. The images are part of a greater goal, it's just a forum app. So a fraction of the images are uploaded on their server which is hotlink protected. Might try to set up a proxy server. Thanks. – Eztys Feb 02 '15 at 11:01
  • What about no-referrer policy? https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy#:~:text=Directives-,no%2Dreferrer,-The%20Referer%20header – Hovhannes Vardanyan Feb 02 '22 at 20:37
  • I guess this was not available during the time of the answer. – Hovhannes Vardanyan Feb 02 '22 at 20:44
0

You can try to avoid hotlink protection by setting the `referrerpolicy` attribute of the `img` element to `no-referrer`. Details here.
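
Added example (not part of either answer): a small model of which Referer a browser sends under the policies discussed above and how a hotlink check on the image host would respond, including the site-side header opt-in suggested in the comments. The rule set, the `X-App-Token` header name and all hostnames are assumptions constructed for illustration, not the real site's configuration.

```javascript
// Constructed sample policy; hosts are placeholders, not the real site's rules.
const SAMPLE_CFG = { allowedHosts: ['forum.example.org'], allowEmptyReferer: true, appToken: null };

// Referer a browser attaches to an image request under a Referrer-Policy value.
function refererFor(policy, pageUrl, imgUrl) {
  const page = new URL(pageUrl), img = new URL(imgUrl);
  const downgrade = page.protocol === 'https:' && img.protocol === 'http:';
  switch (policy) {
    case 'no-referrer':
      return null; // header is omitted entirely
    case 'origin':
      return page.origin + '/';
    case 'strict-origin-when-cross-origin': // default in current browsers
      if (page.origin === img.origin) return page.origin + page.pathname + page.search;
      return downgrade ? null : page.origin + '/';
    default:
      throw new Error('policy not modelled: ' + policy);
  }
}

// Length-checked comparison that does not exit early on the first mismatch.
function safeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Assumed server-side hotlink rule. X-App-Token is a hypothetical header name
// standing in for the "special header" opt-in suggested in the comments.
function hotlinkDecision(headers, cfg) {
  const token = headers['x-app-token'];
  if (cfg.appToken && typeof token === 'string' && safeEqual(token, cfg.appToken)) {
    return 'allow:app-header';
  }
  const ref = headers['referer'];
  if (!ref) return cfg.allowEmptyReferer ? 'allow:no-referer' : 'deny:no-referer';
  let host;
  try { host = new URL(ref).hostname; } catch { return 'deny:malformed-referer'; }
  // Exact host match; a substring test would also accept look-alike hosts.
  return cfg.allowedHosts.includes(host) ? 'allow:own-site' : 'deny:foreign-referer';
}

// End to end: what the image host decides for an <img> on a given page.
function simulate(policy, cfg, pageUrl, imgUrl) {
  const ref = refererFor(policy, pageUrl, imgUrl);
  return hotlinkDecision(ref ? { referer: ref } : {}, cfg);
}
```

In this model, setting `allowEmptyReferer` to false refuses the `no-referrer` request as well, which leaves the explicit header opt-in as the only path for the app.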