2 Replies Latest reply on Nov 7, 2009 9:44 AM by venFlash

    URLRequestHeader: forbidden headers

    Dan Halbert
      I was disappointed to see that a number of useful HTTP headers are forbidden by URLRequestHeader. To quote the documentation:

      The following request headers may not be used: Accept-Ranges, Age, Allow, Allowed, Connection, Content-Length, Content-Location, Content-Range, ETag, Host, Last-Modified, Location, Max-Forwards, Proxy-Authenticate, Proxy-Authorization, Public, Range, Retry-After, Server, TE, Trailer, Transfer-Encoding, Upgrade, URI, Vary, Via, Warning, WWW-Authenticate, x-flash-version.

      That paragraph was not in an earlier version of the documentation.

      I could believe that some of these might be security risks. But in particular, I want to use the Range header to fetch only part of an mp3 to be played by Sound. I don't see how this is somehow a risk, but perhaps someone could explain. Sigh.
        • 1. Re: URLRequestHeader: forbidden headers
          theLoggerGuy Level 1
          Looking at the start date of this thread, it looks like this is an old chestnut, but it would be nice if someone from Adobe would come up with a good answer.

          I want to use "Connection:close". Hardly seems dangerous! Useful though. I wouldn't need it if the default and unalterable value of "Connection:keep-alive" was handled properly. The connection stays alive until the server times out preventing another message from being sent from the client.

          Found a nice blog entry about the deficiency of changing innocuous headers.

          C'mon Adobe tell all.
          • 2. Re: URLRequestHeader: forbidden headers

            Hey logger guy, I agree with you. I have had this issue for 1 year. I have to use anonymous authentication while uploading. When we enable basic authentication or database authentication, we cannot upload files.


            Thanks for the URL, good information.


            Need help, Adobe, please.