Greetings,

I'm trying to load an image dynamically. It seems like the server doesn't like me loading that image from outside their domain, so I always get a 404, when in fact Firebug seems to load it, and FF as well.

What's the best approach to remove the referrer header from the GET request sent to the server via the browser? I was thinking about a PHP proxy, but I will be happy if I can accomplish this using JavaScript.

I'm using Mootools.

+1  A: 

You cannot do this with JavaScript because it is a violation of the same origin policy. Checking the referer is a good method for preventing bandwidth theft, and that's one of its few good security uses. If an attacker controls the browser, the referer and the rest of the HTTP header can be controlled with TamperData. If all of those JPGs are killing your $4/mo unlimited bandwidth from some random shared host, perhaps a free image host will fill your needs.

Rook
Right now I'm solving the problem using a PHP proxy that loads the image. The bandwidth isn't the problem; the image to be shown is dynamic, so I can't just save it on my server.
Veehmot
A PHP proxy is one of your few options. Another option is to use Flash with a crossdomain.xml file to access the other domain. I believe the referer will be blank, and you can't control this. But you can set other header variables to send a message back to your server. http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html and http://www.securiteam.com/securityreviews/5KP0M1FJ5E.html
Rook
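
The Referer check discussed in this thread, seen from the image server's side, as an added example that is not part of the original posts. It assumes a server that serves requests with no Referer (a typed URL or a developer tool) but answers 404 to embeds from other sites; the host names, the `hotlinkStatus` function and the sample requests are constructed for illustration.

```javascript
// Hosts whose pages may embed the image (constructed placeholders).
const ALLOWED_HOSTS = ['images.example', 'www.images.example'];

// Returns the HTTP status a hotlink-protected image server would send.
// allowEmpty is the policy for requests that carry no Referer at all:
// typed URLs, rel="noreferrer" links and privacy tools all look like this.
function hotlinkStatus(referer, { allowedHosts = ALLOWED_HOSTS, allowEmpty = true } = {}) {
  if (referer === undefined || referer === null || referer.trim() === '') {
    return allowEmpty ? 200 : 404;
  }
  let host;
  try {
    // Parse the header instead of substring matching, so a look-alike such as
    // images.example.other.test is compared as the full host name it really is.
    host = new URL(referer).hostname.toLowerCase();
  } catch (err) {
    return 404; // malformed Referer: treat as foreign
  }
  return allowedHosts.includes(host) ? 200 : 404;
}

// Constructed sample requests covering the cases described in the thread.
const SAMPLE_REQUESTS = [
  { note: 'image opened directly in the browser', referer: undefined },
  { note: 'embedded on the image owner\'s own page', referer: 'https://www.images.example/gallery' },
  { note: 'embedded on a third-party page', referer: 'https://thirdparty.test/page.html' },
  { note: 'look-alike host name', referer: 'https://images.example.other.test/' },
  { note: 'garbage header value', referer: 'not a url' },
];

// Annotates each request with the status the server would return.
function classify(requests, options) {
  return requests.map((r) => ({ ...r, status: hotlinkStatus(r.referer, options) }));
}

for (const r of classify(SAMPLE_REQUESTS)) {
  console.log(`${r.status}  ${r.note}`);
}
```

Because the header is set by the client, this check only deters casual embedding; it is not an access control.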