One way to do this is to peek at the HTTP_REFERER value coming from the
browser before you serve the document. If the document is in a file object,
then you can use a precondition for this, which is a callable object.
It could be written as follows in a python script:
request = context.REQUEST
if not request.HTTP_REFERER.startswith(request.SERVER_URL):
If you make a script and then specify it for the preconditions of your files,
then it would only allow downloads coming from another URL on your site. No
direct URL or linking from outside would be allowed with a standard browser.
However, one could easily circumvent this by spoofing the HTTP_REFERER on the
client. This would assume a certain level of sophistication on the part of
the would be spoofer.
To make it a bit harder you could use sessions or cookies and validate those
in your precondition instead. This would be harder to fool if you did it
On Tuesday 12 November 2002 07:11 pm, General Info wrote:
> i have the following situation.
> i want the users to be able to download non html documents if that document
is refered to from an html document. however, i dont want the users to be
able to type the url and document name on the url box of their browers and be
able to download it.
> for example:
> the documents exist in http://www.wwwdotcom.com/nonhtmldocs/doc1.pdf
> however, i dont want the users to type that url on their browser and access
> i only want them to access it if that particular document is linked from an
> i have seen some websites that do that w/ images. how can i do that on zope?
is it possible?
> i would appreciate any comments/suggesstions.
Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists -