Locked

Redirection to a servlet deployed on SWF from a desktop application based on Adobe Air: KO

New Here ,
Oct 21, 2020 Oct 21, 2020

Copy link to clipboard

Copied

Hello,

I need help,

We developed a html browser based on "Adobe air" to run flex application(SWF) and replace normal browsers (IE, chrome, ..).

It works perfectly,  it runs web application based on Flex, but we have in our application a  link that opens a servlet which opens in an external browser(or tab for IE, chrome,..) , in adobe air so we loses the session and we cannot access to servelet.

I have already tried puting the headers that contain the session ID in the URLRequest,  but it shows me an error with the navigateToURL (request) method: 

SecurityError: Error #3769: Security sandbox violation: Only simple headers can be used with navigateToUrl() or sendToUrl().

 
When using the URLLoader object with the load method the request returns data, no session problem and it keeps the same session. But it doesn't open the content in a new window.

 

request.requestHeaders.push(new URLRequestHeader("SESSIONID", sessionId));
request.requestHeaders.push(new URLRequestHeader("JSESSIONID", sessionId));
request.requestHeaders.push(new URLRequestHeader("Set-Cookie", "JSESSIONID="+ sessionId));
request.method = URLRequestMethod.POST;
var loader:URLLoader = new URLLoader();
loader.load(request);
//OR
navigateToURL(request); //--> produce an exception

 

Is there any solution? workarround?

 

Thanks in advance,

 

TOPICS
Browser, End of life, Error, SWF, Update

Views

88

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct Answer

Adobe Employee , Oct 21, 2020 Oct 21, 2020
There are a bunch of cross-site scripting considerations that play into how and why we limit setting various headers when emitting requests from Flash/AIR.  I can't think of a good way to hand off session tokens to an external process as cookies. You're going to need a little service on the appropriate domain to facilitate the redirection.  You'll have to think about how to best secure it, but I think the general shape of it might be a service where you pass the tokens from the AIR client to t...

Likes

Translate

Translate
Adobe Employee ,
Oct 21, 2020 Oct 21, 2020

Copy link to clipboard

Copied

LATEST

There are a bunch of cross-site scripting considerations that play into how and why we limit setting various headers when emitting requests from Flash/AIR.  I can't think of a good way to hand off session tokens to an external process as cookies.

 

You're going to need a little service on the appropriate domain to facilitate the redirection.  You'll have to think about how to best secure it, but I think the general shape of it might be a service where you pass the tokens from the AIR client to the server, it returns a corresponding token to retrieve them, you pass that to the external browser via navigateToURL, the client browser makes that request, and your service returns a redirect request to your applet with the appropriate headers set.  You could enhance security by do some handshaking where the server gives you a one-time salt to hash your tokens with before passing them, etc.  Once retrieved, you should drop the record with the tokens so that they can't be reused.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines