1

In order to prevent direct url access to download files on my website I use following HTTP header which is setted by the following JavaScript during the click on download url:

$('a.download').on('click', function(){
    $.ajax({
        url: '/ajax/preventDownload',
        headers: { 'x-rarity-download-header': 'download' }
    });
})

Server checks if this 'x-rarity-download-header' present in HTTP request and if no doesn't allow user to download file.

Right now this approach works not in the all browsers, for example it works in FireFox 50 and looks like doesn't work on some previous versions like 48. Also, this approach doesn't work in Safari browser.

What can be a reason of this and how to fix it ?

Improve this question
1
  • Did you get it to work with beforeSend or use a different method? Commented Nov 28, 2016 at 15:13

1 Answer 1

Reset to default
1

First, you should respect the spelling. It should be X-Rarity-Download-Header.

Some software do take this more serious than others and only allow standarized headers or custom headers set with uppercase X-.

Besides that, I suggest you to switch to a more common method like oauth2 tokens.

Or something way easier, like:

1. Visit the site
2. Set a cookie
3. Allow download.
4. If cookie is not set, don't allow to download.

You can also try beforeSend method from jQuery, which seems a little better place to add headers: http://api.jquery.com/jquery.ajax/

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.