I’ve been using the Flex “HTML” component in my AIR 2.7 project. It’s a wrapper for the HtmlLoader class.
The problem is that empty referers in HTML headers are automatically set to “app://[appname].swf”. This is not standard as default referer behavior should be to not set any referer at all. The consequence is I’m getting denied access on certain websites using iframes (as location changes from an iframe set an empty referer).
I have no control over those requests, as no event is fired when the source of an iframe is changed.
I have thought about the possibility of intercepting all network calls and setting the referer to empty when necessary before sending the message. My app is only a container in which a module is loaded for easier updates so maybe I could set up a proxy on top or something like that.
Is there any way to intercept network messages in Flex??
EDIT :
After some chat with Adobe employees, I opened a bug in Adobe Bug Base about this : https://bugbase.adobe.com/index.cfm?event=bug&id=2945647
More info extracted from my comments:
I’ve tried (with Charles proxy) to emulate some cases for a particular site. When a blank or valid referer is sent to load some swf file, it passes. However, it denies access on an invalid one (e.g. app://). That confirms the referrer problem.
There’s no formal specification as to what is valid or invalid. I’m referring to what the sites I’m testing on expect. For example, cdn.nitrome.com/games/rubbletroubletokyo/rubbletroubletokyo.swf has such a referrer check and will return an “Access Denied.” page if the request has been sent with a referrer it considers invalid, such as app://foo.swf or even http://www.google.com. It sends the correct file if no referrer is sent OR with the page that should be calling the swf file (http://www.nitrome.com/games/rubbletroubletokyo in this case).
The app is for children and contains a web browser. Only authorized sites are allowed (either by the parents or the publisher) and http://www.nitrome.com will be one of them at launch. Of course, I have to make sure everything planned at launch will be working! I have succeeded in creating a hack for nitrome.com, but it’s REALLY specific. We’ll have to create hacks for every website we encounter problems on and that’s... well, time-consuming and hard to maintain.
As there are no ways of messing with the referrer, we had to implement specific hacks for each website we have problems with (if it’s hackable, of course).
Here’s what I have done for http://www.nitrome.com games.
The game page works like this: load an swf ad inside an iframe, when the ad is complete (or the user clicks on skip) it changes the iframe content so that it loads the game swf.
It fails because of the referrer, but I can in code find out (with a timer…) about the content being changed, find the game swf path (regex) and force the frame contentWindow.location to the swf path.
As I said, it’s a hack and it’s really specific, but it works surprisingly well.
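A model of the server-side referrer check whose behaviour the post describes, as an added example that is not part of the original post and not the site's real code. The `ALLOWED_HOSTS` list, the host-based match and the function names are assumptions; the sample header values are constructed from the cases the post mentions.

```javascript
// Added illustration: models the observed behaviour (empty referer served,
// app:// and foreign sites denied). Not the real logic of any site.
const ALLOWED_HOSTS = new Set(["www.nitrome.com", "nitrome.com"]); // assumption

function checkReferer(headerValue) {
  // Header absent or blank: the post observed that the file is served.
  if (headerValue === undefined || headerValue === null || headerValue.trim() === "") {
    return { allow: true, reason: "no referer sent" };
  }
  let url;
  try {
    url = new URL(headerValue.trim());
  } catch (err) {
    return { allow: false, reason: "unparsable referer" };
  }
  // The AIR runtime's app://... value parses as a URL but is not a web scheme.
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { allow: false, reason: "non-web scheme " + url.protocol };
  }
  // Assumed policy: match on host rather than on the exact calling page.
  if (!ALLOWED_HOSTS.has(url.hostname)) {
    return { allow: false, reason: "foreign host " + url.hostname };
  }
  return { allow: true, reason: "referer on allowed host" };
}

// Constructed sample header values covering the cases from the post.
const SAMPLES = [
  undefined,
  "",
  "app://foo.swf",
  "http://www.google.com",
  "http://www.nitrome.com/games/rubbletroubletokyo",
  "not a url",
];

function runSamples() {
  return SAMPLES.map((value) => {
    const result = checkReferer(value);
    return { referer: value === undefined ? "(absent)" : value, ...result };
  });
}

for (const row of runSamples()) {
  console.log(`${row.allow ? "ALLOW" : "DENY "}  ${JSON.stringify(row.referer)}  (${row.reason})`);
}
```

Because any client can simply omit the header, a check of this shape deters hotlinking but does not work as access control.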