I have an application developed in flash, and I need to access some php files. so the php file return some data if the access is came from swf. How can i identify if the request came from flash or not?
without passing get/post variables to php.
A:
User agent/Referer possibly. Keep in mind that requests can easily be forged
Robus
2010-07-23 13:42:42
how is it possible, can you give me an example. I tried but I got the user agent as Mozilla.. :(
coderex
2010-07-23 13:48:58
For security reasons, Flash can't send user-agent headers when it makes a URLRequest. It uses the existing user-agent of the browser it's running in.
nerdabilly
2010-07-23 13:53:48
A:
You cannot tell that it is coming from flash as flash actually uses the browser to do the request.
But in your flash request you could add your own header to the HTTP request (you can do this pretty easily in flash). That way you can see if the request is coming from Flash.
John Ballinger
2010-07-23 13:50:38
A:
I don't think there really is a reliable way of detecting whether Flash made the request. Flash doesn't allow you to set the user-agent, and there are a lot of restrictions on what headers can be set.
Take a look at http://help.adobe.com/en_US/AS3LCR/Flash_10.0/flash/net/URLRequestHeader.html
as John Ballinger suggested, you could set your own header using this and look for that header in the PHP page.
nerdabilly
2010-07-23 13:55:00
A:
Do you necessarily need to know that the request came from a SWF? Maybe it's more important that the request came from the same domain or from a set of domains that you allow? If so, you can check the referring domain in the PHP script. I'm assuming what you're trying to do is make sure that only certain requesters are able to get the data that your PHP file is outputting. You can also mix in a crossdomain.xml file for more security, although if the data is sensitive you'll have to find a better form of authentication for the SWF to PHP communication.
Sandro
2010-07-23 15:24:54
A:
This is in response to John Ballinger's answer:
import flash.net.URLLoader;
import flash.net.URLRequest;
import flash.net.URLRequestHeader;
var loader:URLLoader = new URLLoader();
var request:URLRequest = new URLRequest("http://www.mydomain.com/myapp.php");
var header:URLRequestHeader = new URLRequestHeader("custom-header-name", "value");
request.requestHeaders.push(header);
try {
loader.load(request);
} catch (error:Error) {
trace("Unable to load requested document.");
}
You must also make sure to modify your crossdomain.xml to allow http headers as follows:
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.mydomain.com" />
<allow-http-request-headers-from domain="*.mydomain.com" headers="*" />
</cross-domain-policy>
Rudisimo
2010-08-01 17:27:36