2 Replies Latest reply on Nov 7, 2009 9:44 AM by venFlash

    URLRequestHeader: forbidden headers

    Dan Halbert
      I was disappointed to see that a number of useful HTTP headers are forbidden by URLRequestHeader. To quote the documentation:

      quote:
      The following request headers may not be used: Accept-Ranges, Age, Allow, Allowed, Connection, Content-Length, Content-Location, Content-Range, ETag, Host, Last-Modified, Location, Max-Forwards, Proxy-Authenticate, Proxy-Authorization, Public, Range, Retry-After, Server, TE, Trailer, Transfer-Encoding, Upgrade, URI, Vary, Via, Warning, WWW-Authenticate, x-flash-version.


      That paragraph was not in an earlier version of the documentation.

      I could believe that some of these might be security risks. But in particular, I want to use the Range header to fetch only part of an mp3 to be played by Sound. I don't see how this is somehow a risk, but perhaps someone could explain. Sigh.
        • 1. Re: URLRequestHeader: forbidden headers
          theLoggerGuy
          Looking at the start date of this thread it looks like this is an old chest nut, but it would be nice if someone from Adobe would come up with a good answer.

          I want to use "Connection:close". Hardly seems dangerous! Usefull though. I wouldn't need it if the default and unalterable value of "Connection:keep-alive" was handled properly. The connection stays alive until the server times out preventing another message to be sent from the client.

          Found a nice blog entry about the deficiency of changing innocuous headers.

          C'mon Adobe tell all.
          • 2. Re: URLRequestHeader: forbidden headers
            venFlash

            hey logger guy i agree with you . i have had this issue since 1 year. i have to use anonymous authentication while uploading. when we enable basic authentication or database authentication cannot upload files.

             

            thanks for the url good information.

             

            need help adobe please.