Copy link to clipboard
Copied
Since updating to 13.0.0.214 we've been getting this error code in one of our applications. BUT there isn't a description of what it means. I know what function is throwing it, but without a description, it's going to be hard to fix...
Help!!
Copy link to clipboard
Copied
If you include the code and the complete error message it might be possible to help solve it.
Copy link to clipboard
Copied
I can include it, but it probably won't help much:
The line of code throwing the error (it's an AlivePDF object):
pdf.save( Method.REMOTE, "http://lamp.countygp.ab.ca/webmap/AlivePdfGen.php", Download.INLINE, "mapexport.pdf","_blank" );
The complete error text from Error.message :Error #3769
If we use veiwer version is 13.0.0.206 it's fine but 13.0.0.214 thows this error.
Copy link to clipboard
Copied
We have a client that is having a similar problem after their users were auto-updated to this version. We are also using AlivePDF as part of our "Show and Print" functionality and are getting error 3769.
We have some folks here researching, but please share any clues you come across.
SecurityError: Error #3769: Security sandbox violation: Cannot send HTTP headers when using navigateToUrl().
at global/flash.net::navigateToURL()
at org.alivepdf.pdf::PDF/save()
at com.mycompany.module.myaction.components::ReviewConfirm/doPDFPrint()
at com.mycompany.module.myaction.components::ReviewConfirm/__printButton_click()
Copy link to clipboard
Copied
I have the same problem it seem that in Flash 13.0.0.214 they have changed something.....
also using AlivePDF
Copy link to clipboard
Copied
This sounds like it is a Flash Player issue and not an Actionscript issue. You might find help in the Flash Player forum(s) rather than here.
Copy link to clipboard
Copied
http://code.google.com/p/chromium/issues/detail?id=351612
did Adobe just follow Google chrome ( that nobody use)????
things that work should not be changed.....
Copy link to clipboard
Copied
I'm 99% sure this is the issue since the code in quesion is:
var header:URLRequestHeader = new URLRequestHeader ("Content-type","application/octet-stream");
Theoretically, it should be just changing it and recompiling the library. (none of which I've done before and the project doesn't have a project file). Any volunteers or should I give it a shot?
Copy link to clipboard
Copied
With 13.0.0.214, it is no longer allowed to send HTTP headers with your request.
This is breaking hundreds of sites.
Please vote here:
Copy link to clipboard
Copied
Unfortunately, this was an intentional and necessary change required to address a security issue reported by an external researcher. We sincerely apologize for the inconvenience.
After careful consideration, we found that the only way to truly resolve the issue was to disable support for custom headers in NavigateToURL.
While we would prefer to provide advanced notification for security changes that affect existing content, experience has taught us that it is not a viable approach, and ultimately puts customers at more risk. We go to great lengths to preserve backward-compatibility in general, but it's our responsibility to balance those considerations with the overall security of end-users and the web at large.
Custom headers continue to be supported via the URLRequest class, and we encourage developers to use those APIs where custom headers are required.
Copy link to clipboard
Copied
Thanks for the feedback, Jeromie.
Are there any examples of how to open in a new window using the URLRequest?
I don't think I NEED the custom headers (still experimenting with it), but I can't seem to get the POST to go through either...
Any idea when the documentation (and examples) will be updated? It's really a GIANT pain in the butt trying to figure this out without that basic resource.
Copy link to clipboard
Copied
No problem. We're actively working on some examples based on the initial feedback we've received, but at a high level, we think that one of these workarounds will be viable for most situations:
1.) Use URLRequest and URLLoader.load() to send the POST with custom headers.
2.) Implement the page load as a JavaScript function in the hosting page and invoke it using ExternalInterface; however you can only set custom headers from JavaScript on the context of XmlHTTPRequest, so this may not be helpful.
There's a good example of how to do the window.open with HTTP POST in Javascript here: javascript - Window.open and pass parameters by post method - Stack Overflow
3.) Custom headers are restricted when you're doing a POST, but not for GET. If you're only transmitting a small amount of non-sensitive data, doing it via GET might be an easy workaround.
4.) You could use Apache mod_rewrite and mod_headers or the equivalent for your web server, such that you pass the data from Flash Player to the web server as part of the URL or as GET parameters, then rewrite the parameters as headers as necessary for consumption by the server. You'd want to constrain that to the extent possible so that it can't be abused. A quick search earlier turned up a similar example that could be modified for this kind of approach: http://www.kahunaburger.com/2012/05/18/mod_rewrite-and-mod_headers-to-rewrite-headers/
You should still be able to send a POST via NavigateToURL() without custom headers. Error messages are suppressed in the regular release version of Flash Player. If you're not using it already, the content debugger might show you some useful feedback.
Thanks,
Jeromie
Copy link to clipboard
Copied
One more question... Has the contentType property of the URLRequest also been changed? It's the ONLY header I need to set, but it doesn't seem to be setting...
Copy link to clipboard
Copied
So, my solution that seems to work so far...
//pdf.save( Method.REMOTE, "http://myserver/webmap/AlivePdfGen.php", Download.ATTACHMENT, "mapexport.pdf" ); (take this out)
var bytesTemp : ByteArray = pdf.save(Method.LOCAL);
var sendRequest:URLRequest =new URLRequest("http://myserver/webmap/AlivePdfGen.php");
sendRequest.method = URLRequestMethod.POST;
sendRequest.data = bytesTemp;
navigateToURL(sendRequest,'_blank');
on "myserver"
I added a crossdomain.xml (not sure it's needed, but doesn't hurt)
I turned on always_populate_raw_post_data
And now I've got my pdfs coming out!
Copy link to clipboard
Copied
My application also uses SWF (AlivePDF )+ Java Servlet to generate PDF/PPT and it was for flash version 13.0.0.6 and not working for 13.0.0.213/214
with below changes i made it work for Flash version 13.0.0.213/214
Flex Change:
Comment the this line :
myPDF.save(Method.REMOTE, "https://myserver.com:8443/pdfService/Weekly_Report?download="+reportType, "Report.pdf");
and add below code to post the pdf data to servlet
var bytesTemp : ByteArray = myPDF.save(Method.LOCAL);
var sendRequest:URLRequest =null;
if(reportType=="ppt"){
sendRequest=new URLRequest("http://myserver:8080/pdfService/GeneratePPT");
}else{
sendRequest=new URLRequest("http://myserver:8080/pdfService/GeneratePDF");
}
sendRequest.method = URLRequestMethod.POST;
sendRequest.data = bytesTemp;
navigateToURL(sendRequest,'_blank');
Java Servlet Code to get generate the PDF:
ServletInputStream si =null;
ServletOutputStream stream = null;
int i = 0;
int k = 0;
int maxLength = request.getContentLength();
byte[] bytes = new byte[maxLength];
si = request.getInputStream();
try{
while (true)
{
k = si.read(bytes,i,maxLength);
i += k;
if (k <= 0)
break;
}
if (bytes != null){
stream = response.getOutputStream();
response.setContentType("application/pdf");
response.setContentLength(bytes.length);
response.setHeader("Content-disposition","inline; filename=scroReport.pdf" );
stream.write(bytes);
stream.flush();
// stream.close();
}
}catch(Exception ex){
// ex.printStackTrace();
}finally {
try{
if (si != null) {
si.close();
}
if (stream != null) {
stream.close();
}
}catch(IOException ex){
}
}
Following code is tested in IE9 /IE8 with Flash version 13.0.0.216
Copy link to clipboard
Copied
Hello,
I have the same scenario as neelam_Ramesh.
I applied his solution but I cannot get my application working again. Can somebody help me with this please?
Before the new Flash Player everything was working fine in all browser, well at list I tested in FireFox, Chrome, IE 8/9/10/11 in Windows and Safari in Mac.
Now only IE 8 is working witch no very useful since my clients are using most Safari, Chrome and FireFox.
I have my clients and my manager waiting for the solution.
Flex code:
var serverScript:String = tomcatServlet + "setPDF&method=ATTACHMENT&name=routes123456.pdf";
//printPDF.save(Method.REMOTE, serverScript, howToOutput, "routes123456.pdf");
bytesTemp : ByteArray = printPDF.save(Method.LOCAL);
sendRequest:URLRequest = new URLRequest(serverScript);
sendRequest.method = URLRequestMethod.POST;
sendRequest.data = bytesTemp;
navigateToURL(sendRequest,'_blank');
java code:
// ****************************************************
protected void setPDF(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
int i = 0;
int k = 0;
int maxLength = request.getContentLength();
byte[] bytes = new byte[maxLength];
String method = request.getParameter("method");
String name = request.getParameter("name");
ServletInputStream si = request.getInputStream();
while (true) {
k = si.read(bytes, i, maxLength);
i += k;
if (k <= 0) {
break;
}
}
if (bytes != null) {
ServletOutputStream stream = response.getOutputStream();
response.setContentType("application/pdf");
response.setContentLength(bytes.length);
//response.setHeader("Content-Disposition", method + ";filename="+ name);
response.setHeader("Content-Disposition","inline; filename="+ name);
stream.write(bytes);
stream.flush();
stream.close();
}
}
Thanks !!!
Copy link to clipboard
Copied
If you run the application with the Debugger version of Flash Player, does it provide any useful feedback?
Copy link to clipboard
Copied
5/26/2014
Since Adobe change
you cannot do this anymore
String method = request.getParameter("method");
String name = request.getParameter("name");
in the java code
and then
ServletInputStream si = request.getInputStream();
so I have three servlets
one for PDF stream CreatePDFServletStream.java (this will work with images too)
one for CSV stream CreateCSVServletStream.java
and one for use with text from the myRequest.data DoThisCreateServlet.java
(String thisIsTheData = request.getParameter("thisIsTheData");)
also when the thisIsTheData is to big ( I don't know when) this will not work
so for me I am using the steram servlets in my Flex app
I have uploaded to
Bug#3759971 - Security error #3769 is too excessive, breaks navigateToUrl()
as
sloution_for_AlivePDF.zip
Hope this help you
Yossi
Copy link to clipboard
Copied
yossi_on_adobe has provided some comments, Please let me know if you are still facing the issue ?
Copy link to clipboard
Copied
Hello,
Yes, I am. I did everything and it didn't work at all.
For now, because my clients were waiting for this, I build the file in the server-side using pdfBox and I open it using navigateToUrl().
I spent 2 days trying to solve this issue and it took me 3 hours to remake the file
Anyways, I'd like to know how to put back my old code.
Thanks.
Copy link to clipboard
Copied
The change is heavy-handed. This is a disaster for the community of developers using Flash for enterprise applications - in particular Flex.
Why disabling all headers ?
Chrome/Pepperflash resolved the issue of cross-reference for navigateToURL in a more balanced manner by disabling only the complex headers, but *not* the simple headers, as defined in
http://www.w3.org/TR/cors/#simple-header
***Please read*** the bug report at https://code.google.com/p/chromium/issues/detail?id=351612