Copy link to clipboard
Copied
We're having issues with the WHITELIST. We have a URL with { Bracers or Curly Brackets and it's not working for that particular URL. Is there something special I need to do?
Per RFC 3986, curly braces in a URI need to be percent encoded (and we require RFC 3986-compliant URIs).
Given that your AllowListUrlPattern looks sufficiently permissive, my guess is that we stop evaluating at the point that the URI you're passing fails the validity check.
In this instance, you have a couple options:
Copy link to clipboard
Copied
My guess is that what you think the URL is, and what's actually getting passed to Flash Player aren't the same.
Read the Enterprise Enablement section of the admin guide, and do the things required to log the messages about URIs getting blocked.
At that point, you should see the exact URI that's getting passed in, and can populate your AllowListUrlPattern accordingly.
https://www.adobe.com/devnet/flashplayer/articles/flash_player_admin_guide.html
That should get you going. If you're still stuck, please just start a new thread. The original posters don't need email notifications about this unrelated issue.
Thanks!
Copy link to clipboard
Copied
I have collected a pile of research into this and have youtube videos stepping through various options, but at the very least a tool here build you an mms.cfg file:
http://flash.vsoft.solutions/flash-eol-ee-config.php
One Youtube video among many:
But beware that Chrome and Firefox as of Jan 2021 already pulled support for flash out of the browser itself and Windows update will remove flash player off Windows this summer, so ANY solution apart from using Harman Solutions as already mentioned in Adobe's docs is a temp hack at best with many security problems.
Copy link to clipboard
Copied
Windows update will remove flash player off Windows this summer,
By @Mark0D4D
You say, that the lines AutoUpdateDisable=1 and EOLUninstallDisable=1 in mms.cfg will be useless in the future and the player will be uninstalled anyway? Is it that, what you mean?
Copy link to clipboard
Copied
As documented in the admin guide after Jan 12, 2021 the settings will be ignored. Not only that but Windows Update will remove Flash once and for all this summer: https://docs.microsoft.com/en-us/lifecycle/announcements/adobe-flash-end-of-support
Copy link to clipboard
Copied
If you think about it, it makes sense. Adobe isn't pushing updates to Flash anymore, so Automatic Updates and the active notifications we were using to get people to uninstall early (vs. waiting to the last second and overwhelming the helpdesks and support centers of the world when they hit simultaneously) are moot at this point.
Also, to my knowledge, the current Firefox ESR, IE and Edge are the only major browsers left with browser plug-in support. The next Firefox ESR release will drop plug-in support, and IE and Edge updates timed around summer 2021 will also follow suit. At that point, you'll have needed to build out a VM or something with an old technology stack, configured appropriately to minimize your attack surface (or, ideally, have moved off Flash).
Copy link to clipboard
Copied
Sorry for not posting back earlier. In my case only the Flash ActiveX is concerned. According to people working for the Adobe Flash EOL team I don't think that the Flash Player ActiveX will be unistalled from Windows, as long as AutoUpdateDisable=1 and EOLUninstallDisable=1 are present. We use the ActiveX to play Flash based graphics in CasparCG a broadcast charcter generator. So no browser involved here. But it sure is correct, that browsers stop to support Flash.
Copy link to clipboard
Copied
I'm looking at the FLASH LOGS and This is the URL that says needs to be whitelisted but it doesn't work:
I have setup the whitelist to allow:
Which in theory should allow everything under that domain to be passed but for some reason the bracers/curly brackets are preventing it from working correctly. I have tested this by removing the curly brackets from the data and it works fine. So I was wondering if there is something I can do to pass curly brackets correctly through the whitelist. It's a long shot I know but I have to ask. 🙂
Here is some of my settings in the mms.cfg:
AllowListPreview=1
AutoUpdateDisable=1
EnableAllowList=1
EOLUninstallDisable=1
ErrorReportingEnable=1
SilentAutoUpdateEnable=0
AllowListUrlPattern=*://test/3GISWeb/
AllowListUrlPattern=*://test/3GISWeb/services/
Copy link to clipboard
Copied
Which browser? If its IE you might need to use the original property names which had the name white list in them. Use my online tool to generate the mms.cfg to see what i mean: http://flash.vsoft.solutions/flash-eol-ee-config.php
Copy link to clipboard
Copied
Per RFC 3986, curly braces in a URI need to be percent encoded (and we require RFC 3986-compliant URIs).
Given that your AllowListUrlPattern looks sufficiently permissive, my guess is that we stop evaluating at the point that the URI you're passing fails the validity check.
In this instance, you have a couple options: