如何可靠地检测 Flash 是否是对服务的请求的发起者? [英] How can I reliably detect if Flash was the originator of a request to a service?

问题描述

我需要能够检测闪存是否是对 ASP.NET 服务的请求的发起者.原因是当响应状态代码不是 200 时，Flash 无法处理 SOAP 消息.但是，我允许异常通过我们的 SOAP Web 服务冒泡，因此 SOAP 服务器故障的状态代码是 500.在 Flash 10 之前，我能够检查引用属性，如果它以 .SWF 结尾，我将状态代码更改为 200，以便我们的 Flex 应用程序可以适当地处理 SOAP 消息.但自从引入 Flash 10 后，不再发送引用.我想用 x-flash-version 头，但是好像只有在使用 IE 时才会发送，而不是 FF.

I need to be able to detect if flash was the originator of a request to an ASP.NET service. The reason being that Flash is unable to process SOAP messages when the response status code is something other than 200. However, I allow exception to bubble up through our SOAP web services and as a result the status code for a SOAP server fault is 500. Before Flash 10 I was able to check the referrer property and if it ended in .SWF I changed the status code to 200 so that our Flex application could process the SOAP messages appropriately. But since the introduction of Flash 10 the referrer is no longer sent. I would like to use the x-flash-version header, but it seems to only be sent when using IE, not FF.

这让我想到了我的问题:如何可靠地检测 Flash 是否是对服务的请求的发起者?

Which brings me to my question: How can I reliably detect if Flash was the originator of a request to a service?

推荐答案

你不能可靠地做到这一点 - 毕竟，它可能是一个代理，或者有人窥探了你的 Flash 组件的流量来工作了解如何在没有 Flash 版本没有的任何限制的情况下重用您的 API.

You cannot reliably do this - after all, it could be a proxy, or someone may have snooped your Flash component's traffic to work out how to reuse your API without whatever restrictions the Flash version wouldn't have.

对于区分输出的基本健全性检查，您可以简单地添加一个标志来说明请使用 Flash API 版本"；但是对于所有 HTTP 通信，伪造所需的任何内容都相对简单.

For a basic sanity check to differentiate the output, then you could just as simply add a flag to say "Flash API version please"; But with all HTTP communications, it is relatively trivial to fake whatever is required.

这篇关于如何可靠地检测 Flash 是否是对服务的请求的发起者?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！