cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
Locked
0
Upvote

HtmlLoader and "Referer" request header

kboilydev
Community Beginner ,
Aug 04, 2011 Aug 04, 2011

Copy link to clipboard

Copied


Hi,

We're using the HtmlLoader in our Flex project (AIR 2.7) for restricted browsing (some URLs are denied).

I'm testing in unrestricted mode and I'm having problems with some HTTP requests that are done with the Referer header set to "app://Main.sfw[[Dynamic]]/2" instead of the URL of the containing page. As the referer URL is wrong, I'm receiving "access denied" messages instead of the content I'm expecting (typically, SWF files).

I figured that the default referer was set to the app file. I've tried adding ResquestHeader("Referer",location) to the requestHeaders array and using an intermedite URLLoader to load the datas but nothing worked, the latter provoking javascript errors.

Is there any way I could change the referer before the request is sent? And why is it set to the default value instead of what it should be?

Here's an example of a website I'm having trouble with : http://www.nitrome.com/games/rubbletroubletokyo/

When you click the "Skip Ad" button, the referer is set to the app instead of "http://www.nitrome.com/games/rubbletroubletokyo/". By the way, the button is part of an SWF movie and my guess is that's the source of the problem. The HtmlLoader should, however, be able to handle those.

The secured browser is a really important feature in our app and I'd really appreciated any help on this.

Thanks!!

Message was edited by: kboilydev : corrected typos

TOPICS
Performance issues

Views

3.7K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 7 Replies 7
latest latest Jump to latest reply
chris.campbell Adobe Employee
Adobe Employee ,
Aug 04, 2011 Aug 04, 2011

Copy link to clipboard

Copied

Thanks for the post.  Forwarded to our Webkit team for their review.

Chris

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
chris.campbell Adobe Employee
Adobe Employee ,
Aug 05, 2011 Aug 05, 2011

Copy link to clipboard

Copied

In Response To chris.campbell

Here's what I've heard back:

Unfortunately, the HTTP Referer cannot be changed from AIR applications (I'm not sure that it can be changed from flex applications also). There might be a possibility with using a non-application sandbox but the user will have to modify his app.

Here are more details on this: Setting up a sandbox bridge interface

Thanks,

Chris

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
kboilydev
Community Beginner ,
Aug 08, 2011 Aug 08, 2011

Copy link to clipboard

Copied

In Response To chris.campbell

I'll take a look.

Shouldn't this be handled by the component itself? I'm sure I'm not the only one getting this problem, as pointed out by this suggestions on Adobe Labs Ideas : http://ideas.adobe.com/ct/ct_a_view_idea.bix?c=9D564F43-979A-4E35-AA21-85A61B6AB8DE&idea_id=CA6C107B...

Edit : I don't get it. How can creating another sandbox help me?

Message was edited by: kboilydev

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Catalin_Anastasoaie Adobe Employee
Adobe Employee ,
Aug 09, 2011 Aug 09, 2011

Copy link to clipboard

Copied

In Response To kboilydev

The AIR runtime uses a sandbox based security model. This basically means that content loaded for example from the root of your AIR application can only load resources from the local sandbox while content loaded from a non-application sandbox (for example http://www.example.com) can load content only from that specific domain. More info on the AIR security model and how sandboxes work in AIR please read the following article - Introduction to the AIR security model.

The referral cannot be changed programatically in an AIR application but using a non-application sandbox that will load resources from the root of your application but which will behave as they were loaded from a custom domain (http://www.example.com) you could obtain the needed HTTP referral. More info on non-application sandboxes can be found at the following location - Cross-scripting content in different security sandboxes.

Let us know if this helped you,

--Catalin

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
kboilydev
Community Beginner ,
Aug 15, 2011 Aug 15, 2011

Copy link to clipboard

Copied

In Response To Catalin_Anastasoaie

We decided not to even try this solution as it's too time consuming and we're not even sure we'll get the expected results.

Why is the default value app:/foo.swf instead of sending no referer like any other browser? Most of the time, an invalid referer is worse than none at all and will cause invalidations by websites.

I understand what you are trying to tell me with the sandboxes solution, but as you can see, I don't really care about getting the real referer. I just want to set it empty.

Thanks

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
chris.campbell Adobe Employee
Adobe Employee ,
Aug 17, 2011 Aug 17, 2011

Copy link to clipboard

Copied

In Response To kboilydev

I'd like to recommend a couple of things, first please feel free to enter this request over at bugbase.adobe.com.  Post back with the URL and let others know so they can add their votes and comments.

Second, go vote for this feature request over at ideas.adobe.com:

Don't set default referer in HTML header

This might seem redundant, but better to get this out there more places so any many people as possible can see the request.

Chris

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
kboilydev
Community Beginner ,
Aug 18, 2011 Aug 18, 2011

Copy link to clipboard

Copied

LATEST
In Response To chris.campbell

I had already voted for the idea. I just added a bug for this https://bugbase.adobe.com/index.cfm?event=bug&id=2945647

Thanks

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Copyright © 2023 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices