All geek questions in one place

How can I reliably determine if Flash was the initiator of a service request?

I need to determine if the flash page was the sender of the request for the ASP.NET service. The reason is that Flash cannot process SOAP messages when the response status code is something other than 200. However, I allow an exception to bubble through our SOAP web services, and as a result, the status code for the SOAP server error is 500 Before Flash 10, I was able to check the referrer property and, if it ended with .SWF, I changed the status code to 200 so that our Flex application could process SOAP messages accordingly. But since the advent of Flash 10, the referrer is no longer sent. I would like to use the x-flash version header, but it seems to be sent only when using IE, not FF.

Which brings me to my question: how can I reliably determine if Flash was the source of the request sender?

+3
source share
4 answers

You cannot do this reliably - after all, it could be a proxy server, or someone might have looked at your component of the Flash component to decide how to reuse your API without any restrictions, t have.

For a basic sanity check, to differentiate the output, then you could just add a flag to say “Flash API version please”; But with all the HTTP messages, it's relatively trivial to fake everything that is required.

+3

http://domain.com/path/to/target?flash=true? , , api , .

: , "", ? , , , , - , , .

+2

( ), Flash - "Adobe Flash"

+1

The safest way (out of the simple options presented) is for Regex to match the referrer URL in which it will have .swf.

That would be a lot harder to trick than the query string / form param & flash = true. It is certainly hacked using hacker tools that can send false HTTP headers (referrer), but out of the options presented it does its best.

0
source

Source: https://habr.com/ru/post/1706121/

More articles:


All Articles