Serving embedded video files with X-Accel-Redirect to IE 6 browser

Hi list,

I am able to serve embedded quicktime movie files to Safari 3.1 and
Firefox2 browsers, but I fail serving to Internet Explorer 6. The
quicktime logo gets displayed, but the movie never starts.

Are there some magical headers I need to add to the response?

Note that embedding the same movie with the same html code but
bypassing Nginx works perfectly (for instance serving the file through
mongrel), so there is an issue between nginx with X-Accel-Redirect and
Internet Explorer I guess.

Best regards,

Can you do a curl -I and post the results, it may be a case that
the wrong mime type is being served. I’m guessing that the Safari 3.1
and FF tests are done on a Mac and the IE6 tests on a PC (or vmware
image). Apple have a vested interest in going the extra mile to play
quicktime video where as on a PC Quicktime is relegated to plugin
status and so the wrong mime type or content disposition may be
causing that plugin to not be triggered.

Cheers

Dave

mind sharing the results for the rest of us? :slight_smile:

thanks!

Hi Dave,

Correcting the mimetype made it work on IE.

Thank you very much,

I suspected that was the case :slight_smile:

Would you mind sharing your final config with the rest of the list.

Cheers

Dave

Actually there is nothing fancy in Nginx conf files, simply declare
the folder that holds the protected content as “internal” so users
can’t directly access it:

location /files {
root /var/www/myapp/files;
internal;
}

The real magic happens in your app:

<?php $path = $_GET["path"]; header("Content-Type: video/quicktime"); header("X-Accel-Redirect: /files/" . $path); ?>

Of course you need to add your own protection scheme (like
anti-leeching or paid membership), now you can access the video
content by using the url:
http://mysite.com/downloads.php?path=video.mov

or basename() it and then force a specific parent path.

or just use an integer ID if it’s in the db to check if the file is
valid, etc.

On Wed, 2008-04-16 at 17:55 +0200, Thomas wrote:

The real magic happens in your app:

<?php $path = $_GET["path"]; header("Content-Type: video/quicktime"); header("X-Accel-Redirect: /files/" . $path); ?>

It probably doesn’t matter much for this particular example (since the
request will be punted to Nginx which will presumably forbid access
outside “root”), but in general you should sanitize anything to be used
as part of a filesystem path:

$path = realpath($_GET[“path”]);

This is to prevent requests like:

http://mysite.com/downloads.php?path=../../../../etc/passwd”.

Regards,
Cliff

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs