窃听网络电话给力的Html标题引用者为null [英] Intercepting network calls to force Html header referer to null
问题描述
我已经使用FlexHTML零件在我的AIR 2.7的项目得到。这是一个包装HTMLLoader类。
I've been using the Flex "HTML" component in my AIR 2.7 project. It's a wrapper for the HtmlLoader class.
现在的问题是,在HTML头空查阅情况自动设置为应用程序:// [APPNAME]瑞士法郎。这不是标准的默认引用者的行为应该是没有设置任何引用者的。结果是我得到使用内置页框(从一个iframe位置的变化设置一个空的查询)某些网站拒绝访问。
The problem is that empty referers in HTML headers are automatically set to "app://[appname].swf". This is not standard as default referer behavior should be to not set any referer at all. The consequence is I'm getting denied access on certain websites using iframes (as location changes from an iframe set an empty referer).
我对这些请求没有控制权并没有事件时改变了的iframe的源被激发。
I have no control over those requests has no event is fired when changed the source of an iframe.
我曾想过拦截所有网络调用和设置的引用者在发送消息之前,必要时清空的可能性。我的应用程序仅在至极容器中的模块加载,便于更新,所以也许我可以成立一个代理在顶部或类似的东西。
I have thought about the possibility of intercepting all network calls and setting the referer to empty when necessary before sending the message. My app is only a container in wich a module is loaded for easier updates so maybe I could set up a proxy on top or something like that.
有没有办法拦截在Flex的网络消息??
Is there any way to intercept network messages in Flex??
编辑:
在与Adobe的员工一些聊天,我开在Adobe的Bug基地中的错误这一点:的 https://bugbase.adobe.com/index.cfm?event=bug&id=2945647
After some chat with Adobe employees, I opened a bug in Adobe Bug Base about this : https://bugbase.adobe.com/index.cfm?event=bug&id=2945647
更多的相关信息,从我的意见摘录:
More infos extracted from my comments :
我尝试过(与查尔斯代理)仿效某些情况下,特定网站。当发送一个空白的或有效的引荐加载一些swf文件,它传递。但是,它拒绝的无效访问(例如:应用程序://)。这印证了引荐问题。
I've tried (with Charles proxy) to emulate some cases for a particular site. When sent a blank or valid referer to load some swf file, it passes. However, it denies access on invalid (ex: app://) . That confirms the referrer problem.
没有正式的规范,以什么是有效还是无效。我指的是什么,我测试的网站的期望。对于为例,cdn.nitrome.com/games/rubbletroubletokyo/rubbletroubletokyo.swf有这样的引荐检查,并会返回一个拒绝访问。如果页面的请求已发送与它认为无效,如应用程序中的引用://foo.swf甚至的http:// www.google.com 。它发出的,如果没有引用发送,或与要调用的SWF文件(http://www.nitrome.com/games/rubbletroubletokyo在这种情况下)的页面正确的文件。
there's no formal specification as to what is valid or invalid. I'm referring to what the sites I'm testing on expect. For exemple, cdn.nitrome.com/games/rubbletroubletokyo/rubbletroubletokyo.swf has such a referrer check and will return an "Access Denied." page if the request has been sent with a referrer it considers invalid, such as app://foo.swf or even http://www.google.com. It sends the correct file if no referrer is sent OR with the page that should be calling the swf file (http://www.nitrome.com/games/rubbletroubletokyo in this case).
应用程序是为儿童和包含网络浏览器。只有经过授权的网站都可以使用(或者由父母或发布者)和www.nitrome.com将是其中之一,在发射升空。当然,我必须确保一切都在计划推出将工作!我已经成功地创建了黑客攻击nitrome.com,但它确实特殊。我们必须创建黑客每一个网站,我们遇到的问题,那就是..好,耗时且难以维护
The app is for children and contains a web browser. Only authorized sites are allowed (either by the parents or the publisher) and www.nitrome.com will be one of them at launch. Off course, I have to make sure everything planned at launch will be working! I have succeeded in creating a hack for nitrome.com, but it's REALLY specific. We'll have to create hacks for every website we encounter problems on and that's.. well, time consuming and hard to maintain
推荐答案
由于没有办法与引荐搞乱了,我们必须实现特定的黑客对每个网站,我们有问题,(如果它是容易被破解,偏离方向)。
As there are no ways of messing with the referrer, we had to implement specific hacks for each website we have problems with (if it's hackable, off course).
下面是我已经做了www.nitrome.com游戏。
Here's what I have done for www.nitrome.com games.
游戏页面是这样的:加载SFW广告在iframe内,当广告结束(或用户点击跳过),它改变了的iframe的内容,以便它加载游戏瑞士法郎。
The game page works like this : load an sfw ad inside an iframe, when ad is complete (or user click on skip) it changes the iframe content so that it loads the game swf.
这将失败,因为引荐的,但我可以在code找出(具有定时...)有关的内容被改变,发现游戏的swf路径(正则表达式),并强制框架contentWindow.location到瑞士法郎路径。
It fails because of the referrer, but I can in code find out (with a timer...) about the content being changed, find the game swf path (regex) and force the frame contentWindow.location to the swf path.
正如我所说,这是一个黑客,它的真正具体,但它的作品出奇地好。
As I said, it's a hack and it's really specific, but it works surprisingly well.
这篇关于窃听网络电话给力的Html标题引用者为null的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
