You then use that token to fetch your video. You'd have your sever send down a token on the page. You could also use CSRF tokens to your advantage. You'll get a Save Image As instead of a Save Video As.
And because it's a, the context menu will use an 's menu, not a 's. In this technique, with a bit of JavaScript, what you see on the page is a element rendering frames from a hidden. It would take a bit more effort to gather all the chunks and stitch them using some dedicated software.Īnother technique is to paint on. So even if you manage to Save As, you only save a chunk, not the whole video. This is how most streaming sites serve video. What it essentially does is chop up the video into chunks and serve it one after the other. Weaknesses are similar to the previous option.Īnother way to do it is to serve the video using HTTP Live Streaming. And if ever they do serve a menu item similar to Save As, you can disable it. So you don't get the default browser context menu. Most of them implement video players that customize the context menu to your liking. You could also use custom video player libraries. There are lots of legitimate things in a context menu than just Save As. But then they could just disable JS and get around this or find the video source via the browser's debugger. That would prevent your regular skiddie from blatantly ripping your video by right clicking and Save As. But you can make it harder to download.įirst thing's first, you could disable the contextmenu event, aka "the right click". That's because that's what browsers were designed to do: Serve content.