For example, I use this form submit to download a file.
if(!isset($hasError) {
//some code here.
$file_url = "http://example.com/files/download/file.pdf";
header("Expires: 0");
header("Cache-Control: no-cache, no-store, must-revalidate");
header('Cache-Control: pre-check=0, post-check=0, max-age=0', false);
header("Pragma: no-cache");
header("Content-type: {$content_type}");
header("Content-Disposition:attachment; filename={$file_new_name}");
header("Content-Type: application/force-download");
flush();
readfile("{$file_url}");
exit();
}
With the submit form above, it will return downloadable file to save. As I see on Chrome (Ctrl + J), the download link is not displayed. It shows only form link with action. But is possible for visitor to know the actual link like this: "http://example.com/files/download/file.pdf".
If they can find that link, any solution to prevent this?
Thank you so much.