Locked

Re: How to white list URL [Branched]

New Here, Feb 02, 2021

We're having issues with the WHITELIST. We have a URL with { Braces or Curly Brackets and it's not working for that particular URL. Is there something special I need to do?

TOPICS
End of life, How to


1 Correct Answer: Adobe Employee, Feb 11, 2021

Adobe Employee, Feb 03, 2021

My guess is that what you think the URL is, and what's actually getting passed to Flash Player aren't the same.

 

Read the Enterprise Enablement section of the admin guide, and do the things required to log the messages about URIs getting blocked.

 

At that point, you should see the exact URI that's getting passed in, and can populate your AllowListUrlPattern accordingly.

 

https://www.adobe.com/devnet/flashplayer/articles/flash_player_admin_guide.html

 

That should get you going.  If you're still stuck, please just start a new thread.  The original posters don't need email notifications about this unrelated issue.


Thanks! 

New Here, Feb 03, 2021

I have collected a pile of research into this and have YouTube videos stepping through various options, but at the very least a tool here builds you an mms.cfg file:

http://flash.vsoft.solutions/flash-eol-ee-config.php

 

One YouTube video among many:

https://youtu.be/Ldg_D0WURF0

 

But beware that Chrome and Firefox as of Jan 2021 already pulled support for Flash out of the browser itself and Windows Update will remove Flash Player off Windows this summer, so ANY solution apart from using Harman Solutions as already mentioned in Adobe's docs is a temp hack at best with many security problems.

Note: This information is based on information known as of January 6 2021. In this video demo an online mms.cfg generator and show how to use it to white lis...

Community Beginner, Feb 04, 2021

Windows update will remove flash player off Windows this summer,

By @Mark0D4D

 

You say that the lines AutoUpdateDisable=1 and EOLUninstallDisable=1 in mms.cfg will be useless in the future and the player will be uninstalled anyway? Is that what you mean?

New Here, Feb 04, 2021

As documented in the admin guide after Jan 12, 2021 the settings will be ignored. Not only that but Windows Update will remove Flash once and for all this summer: https://docs.microsoft.com/en-us/lifecycle/announcements/adobe-flash-end-of-support

Adobe Employee, Feb 04, 2021

If you think about it, it makes sense.  Adobe isn't pushing updates to Flash anymore, so Automatic Updates and the active notifications we were using to get people to uninstall early (vs. waiting to the last second and overwhelming the helpdesks and support centers of the world when they hit simultaneously) are moot at this point.

 

Also, to my knowledge, the current Firefox ESR, IE and Edge are the only major browsers left with browser plug-in support.  The next Firefox ESR release will drop plug-in support, and IE and Edge updates timed around summer 2021 will also follow suit.  At that point, you'll have needed to build out a VM or something with an old technology stack, configured appropriately to minimize your attack surface (or, ideally, have moved off Flash). 

Community Beginner, Feb 08, 2021

Sorry for not posting back earlier. In my case only the Flash ActiveX is concerned. According to people working for the Adobe Flash EOL team I don't think that the Flash Player ActiveX will be uninstalled from Windows, as long as AutoUpdateDisable=1 and EOLUninstallDisable=1 are present. We use the ActiveX to play Flash based graphics in CasparCG, a broadcast character generator. So no browser involved here. But it sure is correct that browsers stop supporting Flash.

New Here, Feb 04, 2021

I'm looking at the FLASH LOGS and this is the URL that it says needs to be whitelisted, but it doesn't work:

Example: http://test/3GISWeb/services/Telecom.ashx/fiberCable/{231C25A8-A1C8-43DE-9168-799C725B376B}/Y/SYS/co...

 

I have setup the whitelist to allow:

 

http://test/3GISWeb/

 

Which in theory should allow everything under that domain to be passed, but for some reason the braces/curly brackets are preventing it from working correctly. I have tested this by removing the curly brackets from the data and it works fine. So I was wondering if there is something I can do to pass curly brackets correctly through the whitelist. It's a long shot I know but I have to ask. 🙂

 

Here are some of my settings in the mms.cfg:

 

AllowListPreview=1
AutoUpdateDisable=1
EnableAllowList=1
EOLUninstallDisable=1
ErrorReportingEnable=1
SilentAutoUpdateEnable=0

 

AllowListUrlPattern=*://test/3GISWeb/

AllowListUrlPattern=*://test/3GISWeb/services/

New Here, Feb 04, 2021

Which browser? If it's IE you might need to use the original property names which had the name white list in them. Use my online tool to generate the mms.cfg to see what I mean: http://flash.vsoft.solutions/flash-eol-ee-config.php

Adobe Employee, Feb 11, 2021

Per RFC 3986, curly braces in a URI need to be percent encoded (and we require RFC 3986-compliant URIs). 

 

Given that your AllowListUrlPattern looks sufficiently permissive, my guess is that we stop evaluating at the point that the URI you're passing fails the validity check.

 

In this instance, you have a couple options: 

  • Talk to HARMAN about licensing a copy of Flash Player that will allow you to work around this
  • Update your application to use valid, percent-encoded URIs, at which point, Flash should allow the request based on that rule.

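The percent-encoding fix described in the last reply, as an added example that is not part of the thread and is not Flash Player's own validity check. The function names are illustrative, and the sample URI is the visible part of the logged URI quoted earlier, cut before its truncated tail.

```python
import re

# RFC 3986 section 2: characters that may appear literally in a URI.
UNRESERVED = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"
RESERVED = ":/?#[]@!$&'()*+,;="
ALLOWED = frozenset(UNRESERVED + RESERVED)
PCT_TRIPLET = re.compile(r"%[0-9A-Fa-f]{2}")

# Constructed sample: the logged URI from the thread, up to the closing brace.
SAMPLE = ("http://test/3GISWeb/services/Telecom.ashx/fiberCable/"
          "{231C25A8-A1C8-43DE-9168-799C725B376B}")


def invalid_chars(uri):
    """Return (offset, char) for each character RFC 3986 does not allow literally.
    Character-level check only; it does not validate the full URI grammar."""
    bad, i = [], 0
    while i < len(uri):
        if PCT_TRIPLET.match(uri, i):
            i += 3                      # well-formed percent-encoded octet
            continue
        if uri[i] not in ALLOWED:       # also catches a stray '%'
            bad.append((i, uri[i]))
        i += 1
    return bad


def percent_encode_invalid(uri):
    """Percent-encode only the disallowed characters, leaving delimiters and
    existing %XX triplets untouched so the URI keeps its structure."""
    out, i = [], 0
    while i < len(uri):
        if PCT_TRIPLET.match(uri, i):
            out.append(uri[i:i + 3])
            i += 3
            continue
        ch = uri[i]
        if ch in ALLOWED:
            out.append(ch)
        else:
            out.append("".join("%%%02X" % b for b in ch.encode("utf-8")))
        i += 1
    return "".join(out)


if __name__ == "__main__":
    print(invalid_chars(SAMPLE))
    print(percent_encode_invalid(SAMPLE))
```

Running `invalid_chars` over the URIs your application emits before they reach the player shows which requests would fail a compliance check regardless of how permissive the AllowListUrlPattern entries are.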