0

I'm currently uploading profile videos to the public folder.

The cool thing here is that you can simply use the public URL in your HTML5 video tag to stream it.

I could do another route call that only logged in users could access, but this apparently affects performance a lot based on this answer.

Is there a way that if you put the URL in the browser navbar (meaning, not embbeded in a HTML5 video tag) I don't allow you to acccess the file?

Can I also block calls coming from different domains? (Embbeded in a HTML5 video tag in another site)

Inigo EC
  • 2,178
  • 3
  • 22
  • 31

1 Answers1

1

You can store the uploaded files in a non-public folder, then have a controller which controls whether or not someone is allowed to access it (e.g. only authenticated users). If a request is valid, you can return a streamed response.

The performance impact in this answer is not caused by having a controller wrap the request, it's caused by the controller regenerating images instead of simply returning them in a response.

PtrTon
  • 3,705
  • 2
  • 14
  • 24
  • Thank you for your answer @PtrTon , but if I'm working with vue.js, identifying users via a bearer token, how can I stream the response? What should I set in the HTML5 video tag so it works? – Inigo EC Sep 07 '19 at 14:17
  • I think a streamed response (with the right headers) will be playable in a ` – PtrTon Sep 07 '19 at 14:47
  • Correct, but how do I send the bearer token there? I would need to first make an axios call to the route, get back the response, and inject it somehow to the video src? – Inigo EC Sep 07 '19 at 14:59
  • Ah I understand the issue you're facing now. I don't have a solid solution for you since you'll need all your requests to go through axios and a src property of a ` – PtrTon Sep 07 '19 at 21:04