My goal is to have user-uploaded files (mostly PDF) available for download only via a link from the host website.
I've protected user-uploaded files with an .htaccess file that resides in the uploads directory. .htaccess checks the referrer against the hard-coded domain name, and if the referrer matches, it allows access. Otherwise access is denied.
This works fine, except when following the file links in Safari for PDFs. Safari attempts to open them in-browser, and subsequently gets denied, even though the referrer was correct.
Any thoughts how to enable Safari users to view these files when coming from the correct location?