Browsers don't allow JS to control the referer header. I suggest using an "access token": 1 - When you serve the HTML page, include a private hash of the date. 2 - When your JS forms a tile URL, append the access token. 3 - When your tile server receives a request, verify the access token is recent before returning the tile. This is more secure than referer checking, as referers can be spoofed to steal your tiles.
Ben Android brevity On Sep 15, 2011 5:22 AM, "surfish" <ofors...@gmail.com> wrote: > Hello, > > I use GMap V3 JS API to connect to a WMS server (IGN in France) using > ImageType class. > The server requires the referer header for security (and commercial) > reasons. > > My script works well on Mozilla (and IE 7+) web browsers but on Webkit based > browsers (Chrome or Safari), my tiles queries don't include the referer in > the Http header. > > Header with Webkit : > > - *GET > http://wxs.ign.fr/geoportail/wmsc?LAYERS=ORTHOIMAGERY.ORTHOPHOTOS&EXCEPTIONS=text/xml&FORMAT=image/jpeg&SERVICE=WMS&VERSION=1.1.1&REQUEST=GetMap&STYLES=&SRS=IGNF:GEOPORTALFXX&BBOX=-12582912,-4194304,-8388608,0&WIDTH=256&HEIGHT=256&TILED=true&gppkey=spwpVJHASUZQqXWkft2hO3xnQ2gAAAAAAb8HZV2zA4IA23DSAAABMmeCvIYAAAAAAlgAAQEDzIOB9ekozuGHh5PROd1pgMM0AABDNAAAwrQAAEK0AAA > HTTP/1.1* > - *Host: wxs.ign.fr* > - *Proxy-Connection: keep-alive* > - *User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, > like Gecko) Chrome/13.0.782.220 Safari/535.1* > - *Accept: */** > - *Accept-Encoding: gzip,deflate,sdch* > - *Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4* > - *Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3* > - *Cookie: JSESSIONID=D26C4F293472016EB473E3A88CA6B25A.1A1C40D300011D861D > * > > Header with Mozilla : > > - GET > /geoportail/wmsc?LAYERS=ORTHOIMAGERY.ORTHOPHOTOS&EXCEPTIONS=text/xml&FORMAT=image/jpeg&SERVICE=WMS&VERSION=1.1.1&REQUEST=GetMap&STYLES=&SRS=IGNF:GEOPORTALFXX&BBOX=0,-8388608,4194304,-4194304&WIDTH=256&HEIGHT=256&TILED=true&gppkey=Rv8MqmkkCLGu-LZ_tBftmWazurQAAAAAAb8H2l2zA4IA23DSAAABMmeEdsoAAAAAAlgAAQEDzIOB9ekozuGHh5PROd1pgMM0AABDNAAAwrQAAEK0AAA > HTTP/1.1 > - Host: wxs.ign.fr > - User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 > Firefox/6.0.2 > - Accept: image/png,image/*;q=0.8,*/*;q=0.5 > - Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3 > - Accept-Encoding: gzip, deflate > - Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 > - Connection: keep-alive > - Referer: http://localhost/cadxmap/ign/ign_test.html > - Cookie: JSESSIONID=586278F61849A5CB3C68A40FAD943FCC.BF129F5BA50FC20EB8 > > > Is there a way to 'force' GMap API to send the referer ? > > > Thank you for your help. > > > -- > You received this message because you are subscribed to the Google Groups "Google Maps JavaScript API v3" group. > To view this discussion on the web visit https://groups.google.com/d/msg/google-maps-js-api-v3/-/rCHdbApir6IJ. > To post to this group, send email to google-maps-js-api-v3@googlegroups.com. > To unsubscribe from this group, send email to google-maps-js-api-v3+unsubscr...@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/google-maps-js-api-v3?hl=en. > -- You received this message because you are subscribed to the Google Groups "Google Maps JavaScript API v3" group. To post to this group, send email to google-maps-js-api-v3@googlegroups.com. To unsubscribe from this group, send email to google-maps-js-api-v3+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-maps-js-api-v3?hl=en.
