Question posted in 
Helloo, i have a theoratical question, thats why I don’t have code snippets, but maybe someone knows an answer.
I program a website that offers videotrainings, but they cost. If the user knows the path to the videos on the server, can I prevent them from editint the html in browser and insert a video tag linked to the video, they should pay for?
2
Answers
If you’re trying to be security-conscious, an unauthorized user should not know the path to a video they don’t have the credentials to see.
Only send a video link to a user after verifying (on the server) that their account has bought it, and only serve a video to a browser if the browser has supplied the server with the required credentials to see the video. If something requests a video link without the right cookies (or without the right JWT, or however you’re authorizing things), reject the request.
Why not rely on a library? Passport is 18K star project, and does the job with Node and Express on your server. They have tons of precofigured strategies (500 and more). This can be done with a simple fetch API, while the rest of your site is served with Apache