Omni-K/in-spirit

request headers and 2176 security issue

Closed this issue · 1 comments

So the 2176 security issue rears its ugly head when submitting multi-part 
data across triggered by an ExternalInterface call.

I read elsewhere about the problem and figured it wasn't able to be fixed. 
Turns out it can. 

I'm not sure why the "cotentType" property was set and not the 
"requestHeaders" but if within the doSend() method you change:

urlRequest.contentType = 'multipart/form-data; boundary=' + getBoundary();

TO:

urlRequest.requestHeaders.push(new URLRequestHeader("Content-Type", 
'multipart/form-data; boundary=' + getBoundary()));


Everything seems to work then even with ExternalInterface. Again I really 
don't know why it was the other way, but this class is really convenient 
and great. It makes adding data a very simple both strings and file data. 
So I really love this class. Hope this helps.

Original issue reported on code.google.com by Tom.Maia...@gmail.com on 24 Feb 2010 at 11:49


This one is already fixed and commited couple of days later.
please update for the latest version form Repository

Thanx.

Original comment by zatepya...@gmail.com on 25 Feb 2010 at 2:16

  • Changed state: Done