WordPress.org

1. nathanguadalupe
   Member
   Posted 11 months ago #
   

   Does anyone here have any experience making FlaGallery work with images stored in folders where hotlinking is disabled via htaccess?

   I'm also using a plugin called WP htaccess Control, which pretty much saves me the trouble of having to download and rename htaccess files for manual modification.

   On to the problem...

   FlaGallery will cease to show all thumbnails and images in their galleries, both in the front end and in the back end, whenever I disable image hotlinking by adding an underscore in that setting.

   I'm not sure if Flash applications are even capable of honoring htaccess directives. It's a nice plugin, but is there a solution where I can also disable image hotlinking and still keep the FlaGallery plugin, or should I switch to something else like NextGen Gallery?

   http://wordpress.org/extend/plugins/flagallery/

2. antonioandra.de
   Member
   Posted 11 months ago #
   

   Hi nathanguadalupe,

   
   WP htaccess Control's option to disable hotlinking works by checking whether the image is being loaded with the blog's referer in the request header. This works for most setups.

   What you're asking for requires some different, custom condition, or that somehow flagallery emulates the request header.

   You might want to read on RewriteCond at http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#RewriteCond

   The default rule to disable hotlinking is:
   

   RewriteCond %{HTTP_REFERER} !^$
   RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourwebsite.com/.*$ [NC]
   RewriteRule \.(jpg|jpeg|png|gif)$ _ [NC,R,L]

   Which reads:
   If there's no HTTP_REFERER or the HTTP_REFFERER doesn't begin with our website address, redirect all images to "_".

3. nathanguadalupe
   Member
   Posted 10 months ago #
   

   Thank you for the feedback! It turns out that I did a couple of things wrong.

   First, I completed a fresh install of WordPress on a domain with an HTTPS prefix rather than on the more typical HTTP. The URL for every post and page on the blog started with HTTPS. It's worth mentioning that I purchased a valid SSL certificate.

   I restored post data from my old WordPress install and found that the embedded images weren't loading because the URLs started with HTTP rather than HTTPS in the html syntax. My solution was to simply revert back to HTTP in the WordPress address and the site address rather than manually edit each post.

   Afterwards, I installed the WordPress HTTPS plugin and enabled SSL in the administrative backend and in certain pages where the user enters sensitive information (such as a username and password).

   Little did I know that the htaccess directives were incorrect all along...

   RewriteCond %{HTTP_REFERER} !^http://(www\.)?somewebsite\.com/ [NC]

   Notice that the URL only starts with HTTP, unlike the URL in your example where the rewrite rule is able to accept both HTTP and HTTPS. I made the change and all the thumbnails appeared as they should in the "Manage Galleries" control panel for FlaGallery.

   However, I now get a blank page whenever I attempt to edit a thumbnail in FlaGallery.

   I've discovered the following error, but I haven't found a solution to rectify it...

   XMLHttpRequest cannot load http://example.com/wp-content/plugins/flash-album-gallery/admin/manage_thumbnail.php?id=1&random=1341879773544. Origin https://example.com is not allowed by Access-Control-Allow-Origin.

   One solution is to simply disable SSL in the administrative backend and in the dedicated login page, but I'd rather have it enabled.

   I tried tweaking FlaGallery by adding two lines of code I found in another post regarding a different plugin...

   header('Access-Control-Allow-Origin: '.get_site_url());
   header('Access-Control-Allow-Origin: '.str_replace('http://', 'https://', get_site_url()));

   I've had no luck! Any suggestions?

Reply

You must log in to post.