我发现了一个类似问题的好答案，使用PHP而不是JavaScript以获得更好的安全性。

我想使用浏览器的默认播放器在用户的浏览器中播放test.mp4(就像在Web页面上单击了URL/test.mp4一样)，但需要密码，该密码由用户提供或由软件内部提供。

下面是这个想法的一个简要概述。它开始于用户去(运行)一个我写的叫做secure.php的程序来播放test.mp4。

文件test.mp4位于一个子目录("secureSubdirectory")中，该子目录包含一个包含"Require all denied"的.htaccess。这立即阻止了任何通过URL的直接访问。

当secure.php运行时，它提供一个密码(或向用户查询密码)，然后对自己执行一个包含密码的POST，使用一个salt，使用PHP命令验证它:

$Hash=base64_encode(hash_hmac("sha256",$Pwd,$Salt,true));
$HashesAreSame=hash_equals($Hash,$GoalHash);

然后测试test.mp4是否存在，并执行以下PHP代码将test.mp4文件作为字节流返回给用户的浏览器:

header("Content-Type: video/mp4");
echo file_get_contents("secureSubdirectory/$path");
exit;

视频和预期的一样。如果我然后右键单击显示视频的页面并尝试保存视频，结果文件将只包含一个错误字符串，如“错误:密码未找到”，因为test.mp4是使用普通的secure.php URL查询的，而不是使用正确的密码通过POST。

当然，您可以使用浏览器调试工具的Network选项来获得响应有效负载(视频字节)，但是如果浏览器提供了阻止访问调试工具的选项，那么PHP程序或.htaccess文件就可以阻止这种情况。

我无法想象失败的案例，但如果存在的话我会非常感兴趣，因为简单而完美的授权是非常罕见的事情。(请注意，由于这种方法依赖于密码，因此将其与用户关联并不是一种安全的身份验证方式，因为用户可能会意外或故意地发布或共享密码。)

使用Vimeo等服务:登录Vimeo > Goto Video >设置>隐私>标记为安全，也可以选择嵌入域。一旦设置了嵌入域，它将不允许任何人嵌入视频或从浏览器显示它，除非从指定的域连接。所以，如果你有一个页面在你的服务器上是安全的，它在iframe中加载Vimeo播放器，这使得它很难绕过。

如果你正在寻找一个完整的解决方案/插件，我发现这个非常有用 https://github.com/mediaelement/mediaelement

这是一个完整的解决方案禁用下载，包括右击>另存为…在上下文菜单中:

<video oncontextmenu="return false;" controlsList="nodownload">
</video>

我们最终使用了url过期的AWS CloudFront。视频将加载，但当用户右键单击并选择另存为最初收到的视频url时，该视频已过期。搜索CloudFront Origin Access Identity。

生成视频url需要一个密钥对，这个密钥对可以在AWS CLI中创建。供参考，这不是我的代码，但它工作得很好!

$resource = 'http://cdn.yourwebsite.com/videos/yourvideourl.mp4';
$timeout = 4;

//This comes from key pair you generated for cloudfront
$keyPairId = "AKAJSDHFKASWERASDF";

$expires = time() + $timeout; //Time out in seconds
$json = '{"Statement":[{"Resource":"'.$resource.'","Condition" {"DateLessThan":{"AWS:EpochTime":'.$expires.'}}}]}';     

//Read Cloudfront Private Key Pair
$fp=fopen("/absolute/path/to/your/cloudfront_privatekey.pem","r"); 
$priv_key=fread($fp,8192); 
fclose($fp); 

//Create the private key
$key = openssl_get_privatekey($priv_key);
if(!$key)
{
    echo "<p>Failed to load private key!</p>";
    return;
}

//Sign the policy with the private key
if(!openssl_sign($json, $signed_policy, $key, OPENSSL_ALGO_SHA1))
{
    echo '<p>Failed to sign policy: '.openssl_error_string().'</p>';
    return;
}

//Create url safe signed policy
$base64_signed_policy = base64_encode($signed_policy);
$signature = str_replace(array('+','=','/'), array('-','_','~'), $base64_signed_policy);

//Construct the URL
$url = $resource.'?Expires='.$expires.'&Signature='.$signature.'&Key-Pair-Id='.$keyPairId;

return '<div class="videowrapper" ><video autoplay controls style="width:100%!important;height:auto!important;"><source src="'.$url.'" type="video/mp4">Your browser does not support the video tag.</video></div>';

简单回答:像youtube那样加密链接，不知道怎么做，不如问问youtube/谷歌他们是怎么做的。(以防你想直奔主题。)

I would like to point out to anyone that this is possible because youtube does it and if they can so can any other website and it isn't from the browser either because I tested it on a couple browsers such as microsoft edge and internet explorer and so there is a way to disable it and seen that people still say it...I tries looking for an answer because if youtube can than there has to be a way and the only way to see how they do it is if someone looked into the scripts of youtube which I am doing now. I also checked to see if it was a custom context menu as well and it isn't because the context menu is over flowing the inspect element and I mean like it is over it and I looked and it never creates a new class and also it is impossible to actually access inspect element with javascript so it can't be. You can tell when it double right-click a youtube video that it pops up the context menu for chrome. Besides...youtube wouldn't add that function in. I am doing research and looking through the source of youtube so I will be back if I find the answer...if anyone says you can't than, well they didn't do research like I have. The only way to download youtube videos is through a video download.

Okay...I did research and my research stays that you can disable it except there is no javascript to it...you have to be able to encrypt the links to the video for you to be able to disable it because I think any browser won't show it if it can't find it and when I opened a youtube video link it showed as this "blob:https://www.youtube.com/e5c4808e-297e-451f-80da-3e838caa1275" without quotes so it is encrypting it so it cannot be saved...you need to know php for that but like the answer you picked out of making it harder, youtube makes it the hardest of heavy encrypting it, you need to be an advance php programmer but if you don't know that than take the person you picked as best answer of making it hard to download it...but if you know php than heavy encrypt the video link so it only is able to be read on yours...I don't know how to explain how they do it but they did and there is a way. The way youtube Encrypts there videos is quite smart so if you want to know how to than just ask youtube/google of how they do it...hope this helps for you although you already picked a best answer. So encrypting the link is best in short terms.