Does Firefox break referrer-based hotlink protection?

Forum Moderators: phranque

Message Too Old, No Replies

Does Firefox break referrer-based hotlink protection?

ianevans

4:36 am on Mar 11, 2006 (gmt 0)

Just noticed that my hotlink protection (using setenvif and referrer) breaks in firefox.

E.g. clicking on the full-size image link in IE generates a 403 as desired.

Clicking on the link in Firefox pulls up the image. The only way to get FF to act the same way as IE is to clear the cache before hitting the full-size image link.

Any idea how to get FF to act as expected when it comes to hotlink protection?

jdMorgan

6:44 pm on Mar 12, 2006 (gmt 0)

Firefox doesn't do anything that IE doesn't do in this case. However, your Firefox and IE cache-control options may be set differently.

That's what this is, probably -- a caching issue.

If an image is successfully cached in your browser, then it will be served from that cache, and no request will be sent to your server. Therefore, server-side access-control code can have no effect.

You should always flush your cache(s) before every test of access-control code.

If you change the cache-control headers sent by your server, so that 'no-cache, must-revalidate' is sent, then any compliant browser will always check with the server before serving cached content. However, this partially offsets the advantages of caching, since it increases the number of requests to your server.

Jim