Due to hotlink protection I’m having difficulty displaying images. The http request send in order to obtain the images contains a non empty referer header. This causes the hotlink protection to kick in.
Using a referer control tool, I can block the referer, which bypasses hotlink protection. However now I want to do this in a PHP/HTML/javascript code. I found information that it is possible, but I don’t fully understand how to implement it.
Can some one give me a hand? Thanks in advance!
FYI: I have permission of the website to do the hotlinking, as it’s for an android app. However they cannot provide me with an API.
Advertisement
Answer
There is no way to forge the referer header from a browser request, not even via a call made from JavaScript.
2022 UPDATE: As pointed out in the comments, and other answer, this is now possible (except on IE and other really old browsers).
You could set up a proxy server, that forges the Referer header. You then need to have your android app point to your own server to get all the images. You can do this from PHP, using the curl functions (or even directly via the socket API).
Note: if the purpose was to actually hotlink then this saves nothing, as you end up serving all the images. And it adds another moving part that could break. If your image supplier cannot give you a better solution, find another provider?