Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Hi all
I use this module on my website and i want to hide the link, protect it from download.
I manage to hide frm the view but not from "html source".
Best regards.
ArchGallileu
Comments
Comment #1
Anonymous (not verified) CreditAttribution: Anonymous commentedIs it possible to do something like
http://drupal.org/node/1046744#comment-4086032
Best regards
Comment #2
Anonymous (not verified) CreditAttribution: Anonymous commentedHi all
Is it possible to change the "src"
to be relative and
not shown on source,
like that protect files
Please help
ArchGalileu
Comment #3
mfer CreditAttribution: mfer commentedSomewhere the path is going to be shared. Even if a relative path. There are utilities that can grab all the resources in the page (one such utility is built right into safari). If you want to lock down a file what about using private files?
Comment #4
mfer CreditAttribution: mfer commentedComment #5
drupal a11y CreditAttribution: drupal a11y commentedI get to following error with the latest dev:
jplayer mori$ git apply -v hide-direct-link-1046744-16.patch
error: patch failed: includes/jplayer.theme.inc:86
error: includes/jplayer.theme.inc: patch does not apply
Comment #6
webel CreditAttribution: webel commentedReactivating.
I agree this feature request is important. Currently one can easily elicit the URL from the page source (using say Firebug or another web inspector) and as long as somebody has access rights to the page they can download the video, even if it is in the private filesystem. It is easy to pull the video src URL from the <video> tag.
For the sake of demonstration, I don't mind if people test "breaking" this live on this file:
http://drupal7demo.webel.com.au/system/files/mevideo/ooe-demo-netbeans-i...
That file was uploaded to the private filesystem and into a subfolder .../files/private/mevideo under .htacess protection, using a File field for display with MediaElement.
It is easy to load the video file directly in any browser or just pull it by URL with 'curl' or 'wget'.
I don't have any suggestions for solutions, however it is quite a serious media security/protection problem.
BTW MediaFront does no better in this respect, it also offer direct access by URL to private filesystem videos.
Comment #7
kenorb CreditAttribution: kenorb commentedComment #8
jnettikI'm moving this issue the 8.x branch. I had a client with this same request, although in my experience this isn't fully possible for a few reasons:
drupalSettings
, which temporarily obscures the file. But if you know where to look, it's still findable.setSrc()
, the library adds it to the markup anyway making obfuscation somewhat pointless. I've seen this same behavior with JWPlayer's HTML5 player as well.I'm not 100% certain this is a feature that makes sense in this project, as a full solution feels very outside the realm of this project's scope. But I know there's an appeal to a lot of clients, so it's worth further discussion.
Comment #9
kmv CreditAttribution: kmv as a volunteer commentedNow that private files are a thing, is this even needed any more?
Setting the 'upload destination' on the video file's field (you'll probably need to create a new media type to be able to set it) to 'private' got me to the destination the OP seemed to want.