Which headers are allowed in Flash Player?
Posted: 08/05/08
OK, so since the shake-up with the Flash Player security vulnerabilities that began with player 9.0.115.0 and became strictly enforced with 9.0.124.0, there seems to be a lot of confusion about what headers you can and can't send on the URLRequestHeader object.
Below is the list of apparently banned headers:
* A NULL header string
* Accept-Charset
* Accept-Encoding
* Accept-Ranges
* Age
* Allow
* Allowed
* Connection
* Content-Length
* Content-Location
* Content-Range
* Cookie (whilst not documented, I can't append it)
* Date
* ETag
* Expect
* Host
* Keep-Alive
* Last-Modified
* Location
* Max-Forwards
* Proxy-Authenticate
* Proxy-Authorization
* Public
* Range
* Referer
* Retry-After
* Server
* TE
* Trailer
* Transfer-Encoding
* Upgrade
* URI
* User-Agent
* Vary
* Via
* Warning
* WWW-Authenticate
* x-flash-version
One thing I've noticed since Adobe and Opera 'collaborated' on the fix for these issues is that HTTP headers originating from Flash applications embedded in Opera browsers arrive at the server with TWO referrer headers. I suspect there is a bug here, but I'll look a little more into it and post back soon.
Update 09/04/09: The latest version of Opera has resolved this problem by only ever sending one "referer" value (misspelled as per HTTP spec).
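A server-side check for the duplicate-header behaviour described above, as an added example that is not part of the original post: it parses a raw request head and reports any watched header, here Referer, that arrives more than once. The sample request, its host name and both Referer values are constructed for illustration.

```python
# Added example: find request headers that arrive more than once.
from collections import defaultdict

# Constructed sample: a request head as a server might receive it, carrying
# two Referer lines. Host name, paths and values are invented.
SAMPLE_REQUEST = (
    "POST /gateway HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    "Referer: http://app.example.test/page.html\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "referer: http://app.example.test/movie.swf\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)


def parse_header_lines(raw_head):
    """Return {lowercased name: [values in arrival order]} for a request head."""
    head = raw_head.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")[1:]  # skip the request line
    headers = defaultdict(list)
    last = None
    for line in lines:
        if line[:1] in (" ", "\t") and last is not None:
            # Obsolete line folding: continuation of the previous value.
            headers[last][-1] += " " + line.strip()
            continue
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            continue  # not a header line; ignore it
        # Header names are case-insensitive, so "Referer" and "referer"
        # must be counted as the same field.
        last = name.strip().lower()
        headers[last].append(value.strip())
    return dict(headers)


def repeated_headers(raw_head, watch=("referer",)):
    """Return {name: values} for watched headers that appear more than once."""
    parsed = parse_header_lines(raw_head)
    return {n: parsed[n] for n in watch if len(parsed.get(n, [])) > 1}


if __name__ == "__main__":
    for name, values in repeated_headers(SAMPLE_REQUEST).items():
        print(f"{name} sent {len(values)} times: {values}")
```

Code that reads Referer through a framework accessor usually sees only one of the values, so a check like this has to run on the raw header lines.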
More information about the changes in the recent security update can be obtained from: