cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
Locked
0
Upvote

Redirection to a servlet deployed on SWF from a desktop application based on Adobe Air: KO

Mohamed5C12
New Here ,
Oct 21, 2020 Oct 21, 2020

Copy link to clipboard

Copied

Hello,

I need help,

We developed a html browser based on "Adobe air" to run flex application(SWF) and replace normal browsers (IE, chrome, ..).

It works perfectly,  it runs web application based on Flex, but we have in our application a  link that opens a servlet which opens in an external browser(or tab for IE, chrome,..) , in adobe air so we loses the session and we cannot access to servelet.

I have already tried puting the headers that contain the session ID in the URLRequest,  but it shows me an error with the navigateToURL (request) method: 

SecurityError: Error #3769: Security sandbox violation: Only simple headers can be used with navigateToUrl() or sendToUrl().

 
When using the URLLoader object with the load method the request returns data, no session problem and it keeps the same session. But it doesn't open the content in a new window.

 

request.requestHeaders.push(new URLRequestHeader("SESSIONID", sessionId));
request.requestHeaders.push(new URLRequestHeader("JSESSIONID", sessionId));
request.requestHeaders.push(new URLRequestHeader("Set-Cookie", "JSESSIONID="+ sessionId));
request.method = URLRequestMethod.POST;
var loader:URLLoader = new URLLoader();
loader.load(request);
//OR
navigateToURL(request); //--> produce an exception

 

Is there any solution? workarround?

 

Thanks in advance,

 

TOPICS
Browser , End of life , Error , SWF , Update

Views

143

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

jeromiec83223024 Adobe Employee
Adobe Employee , Oct 21, 2020 Oct 21, 2020

There are a bunch of cross-site scripting considerations that play into how and why we limit setting various headers when emitting requests from Flash/AIR.  I can't think of a good way to hand off session tokens to an external process as cookies.

 

You're going to need a little service on the appropriate domain to facilitate the redirection.  You'll have to think about how to best secure it, but I think the general shape of it might be a service where you pass the tokens from the AIR client to t

...

Votes

Translate

Translate
replies 1 Reply 1
latest latest Jump to latest reply
jeromiec83223024 Adobe Employee
Adobe Employee ,
Oct 21, 2020 Oct 21, 2020

Copy link to clipboard

Copied

LATEST

There are a bunch of cross-site scripting considerations that play into how and why we limit setting various headers when emitting requests from Flash/AIR.  I can't think of a good way to hand off session tokens to an external process as cookies.

 

You're going to need a little service on the appropriate domain to facilitate the redirection.  You'll have to think about how to best secure it, but I think the general shape of it might be a service where you pass the tokens from the AIR client to the server, it returns a corresponding token to retrieve them, you pass that to the external browser via navigateToURL, the client browser makes that request, and your service returns a redirect request to your applet with the appropriate headers set.  You could enhance security by do some handshaking where the server gives you a one-time salt to hash your tokens with before passing them, etc.  Once retrieved, you should drop the record with the tokens so that they can't be reused.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Copyright © 2024 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices