Isn’t there a way to do this by looking at the Origin header or something? What you want is for the download link to work, but when the page is hot linked, the origin header won’t match and the link will be broken. That should be doable with a simple nginx rule.
You might not want to break the existing web link (if you don’t want to break existing sites). But you could move the link to the javascript code somewhere else which has this origin guarding behaviour.
Edit: There’s a better suggestion down thread. Put the javascript file in a zip file and let people download that. Brilliant.
You might not want to break the existing web link (if you don’t want to break existing sites). But you could move the link to the javascript code somewhere else which has this origin guarding behaviour.
Edit: There’s a better suggestion down thread. Put the javascript file in a zip file and let people download that. Brilliant.