Deployed Applet Suddenly Not Working - actionscript-3

I put together an applet that uploads images via as3httpclientlib to a servlet. The applet works fine in debug mode (through flash builder) and until today it worked when deployed.
From the servlet logs, it appears the servlet never receives the image(s) byte stream, therefore my hunch is the applet is not posting the multipart data.
Can anyone suggest what I should do next to find the cause of the problem?

I suppose you ran into problem described here:
In Flash Player 10 and later, if you
use a multipart Content-Type (for
example "multipart/form-data") that
contains an upload (indicated by a
"filename" parameter in a
"content-disposition" header within
the POST body), the POST operation is
subject to the security rules applied
to uploads:
The POST operation must be performed
in response to a user-initiated
action, such as a mouse click or key
press.
If the POST operation is
cross-domain (the POST target is not
on the same server as the SWF file
that is sending the POST request), the
target server must provide a URL
policy file that permits cross-domain
access.
So I think you should run your application using debugger and check Flex client logs for exceptions described above.

Related

Performance testing - multiple websocket connections

I would need to test the "resistance" of the server receiving an increasing number of websocket connections, through which data is sent over MQTT.
To that purpose, I created a simple webpage which has an "onLoad" directive so that when it loads, it connects to the server over websocket and starts receiving the data. In order to simulate (and increase the number of websocket connections), I thought about JMeter with a Loop controller that opens the page. However, I note that when the page is loaded by JMeter, it does not establish the websocket (in other words, it discards the "onLoad") javascript directive in the page. Is there a special JMeter configuration I'm missing? Is there another way to achieved what I would like?
Many thanks - Christian
As per JMeter project main page:
JMeter is not a browser, it works at protocol level. As far as web-services and remote services are concerned, JMeter looks like a browser (or rather, multiple browsers); however JMeter does not perform all the actions supported by browsers. In particular, JMeter does not execute the Javascript found in HTML pages. Nor does it render the HTML pages as a browser does (it's possible to view the response as HTML etc., but the timings are not included in any samples, and only one sample in one thread is ever displayed at a time).
therefore your onload event is being absolutely ignored by JMeter's HTTP Request sampler as it doesn't execute any functions.
If you want to load test your websocket backend you will need to go for JMeter WebSocket Samplers and establish connection/send payload using the relevant samplers. The plugin can be installed using JMeter Plugins Manager, there are JMeter WebSocket Samplers - A Practical Guide article and some example JMeter scripts which you can use as the reference

Flash - How come I do not receive a security warning to allow cross-site requests?

I am using the URLLoader class to send data to a script that sends an email with that data; the URLLoader is also used to receive the return data on the status of the request. This email script is located on another domain (webscript.io, in this case; they host scripts written in LUA that can perform various functions when called). I don't want to have to get them to host a crossdomain.xml file, but when I visit the page to use the Flash app, I don't even get a security warning. Is that not the default action when there is cross-domain scripting in a Flash application without a crossdomain.xml file?
For your reference, here is the application: http://www.canadadocks.ca/build-dock-app/
The cross domain issues are specifically for data that your SWF is retrieving from other domains. So if you're sending data (via a HTTP POST/GET), then this is not a problem.
Also, unless you're using the debug player, you won't see the security exception that occurs.
There are also various things that will not trigger the exception: like downloading and displaying an image from another domain. However, if you then try to access the bitmap data of that image, you'll get the security exception (unless the crossdomain.xml permits it).
So it can depend on what you're retrieving and what you're doing w/the data you fetch.
If you're still curious, you should further explain what type of data you're retrieving and what you do with it. As usual, it's better to explain that with code than with words ;)

Accessing redirected-to URL when making an HTTP request

When making an HTTP request (using URLLoader, for example) that results in a redirect, is it possible to access any of the URLs in the redirect chain?
For example, let's say that the following happens:
We make a request to example.com/a.gif
example.com redirects to example2.com/b.gif
example2.com redirects to example3.com/c.gif
I've stared at the documentation for URLLoader and its various events for a while, and it doesn't seem like there's a way to either:
Instruct URLLoader to not follow redirects
Access any of the URLs involved after the initial request
Does anyone know if there's a way to do this? I'm not attached to using URLLoader, so if there's another class that supports this functionality, I'd be fine with using it.
Can anyone point me in the right direction? Thanks in advance!
Edit - I should clarify: I know how to detect the redirects outside of AS3 using a DOM debugger. I'm specifically interested in accessing the redirect chain within AS3. It would appear that it's possible using the AIR player via the HttpStatusEvent, but the relevant properties aren't available when using Flash Player.
Edit 2 - I've also tried using an HTTP client lib (as3httpclientlib, to be specific). This works except for the fact that it loads cross-domain policies from port 843 rather than by making an HTTP request to /crossdomain.xml. The context I'm working in requires the latter, so using something with Socket underlying it won't work unless there's a way to force Socket to load cross-domain policies from HTTP instead of port 843.
The redirects are generally in place because the original URL shouldn't be used anymore. The file doesn't exist at example.com/a.gif so in theory you don't need to know about it. Why do you need the intermediate request path?
I'm not aware of an actionscript way of finding the redirect chain for any request, but if you want to do it for a specific chain you can use HttpFox for Firefox, or hit f12 in google chrome and look at the network tab when making a request to the URL that redirects. This will only work if the client is redirected by the server to the new address (a HTTP 302 responce or similar.) If the server chooses to return the contents of example3.com/c.gif when someone's browser asks for example.com/a.gif there is nothing you can do.

how to reverse engineer an http API call using REST console

I'm trying to replicate a request I make on a website (ie zoominfo.com) using the same http POST parameters using chrome rest console, but it fails for some reason. I'm not sure if there is a missing field or it's not working because the origin of the request isn't valid.. can someone point me out in the right direction? Below is a detailed explanation of the experiment:
ORIGINAL CASE
basically if I go to zoominfo.com (registered and all) I see a form page that I need to fill:
if I hit enter.. the site makes an ajax call. If I open the chrome web dev tools, and open the network tab, I see the details of the ajax call:
notice the body of the POST has the name John Becker in it:
{"boardMember":{"value":"Include","isUsed":true},"workHistory":{"value":"CurrentAndPast","isUsed":true},"includePartialProfiles":{"value":true,"isUsed":true},"personName":{"value":"john%20becker","isUsed":true},"lastUpdated":{"value":0,"isUsed":true}}
the response is shown under the respones tag:
WHAT I'M TRYING TO DO
basically replicate what i've done above using a REST console (note: so there is nothing illegal here.. i'm just replacing a chrome browser action with a rest client action.. i'm not hacking anyone and i'm not getting information I can't get the normal way, but if someone feels otherwise.. please let me know)..
so I plug in the same parameters as above into the rest console:
now i'm not sure about authentication.. but just to be safe, i entered the same user name and pwd i have for the site into the REST console:
but then I keep on getting an error as a response to my rest console's request:
UPDATE: CORRECT ANSWER:
so according to JMTyler's answer.. I had to simply include criteria in the RAW body, and convert it to url encoding.. in addition to that, I had to explicitly set the encoding in the rest console body..
looking at the chrome inspector more closely, it turns out that I simply had to click on view source:
to get the url-encoded value that I needed to put in the RAW body in the rest console:
I also had to set encoding to gzip,deflate,sdch and things worked fine!
The form is posting all that JSON under the field criteria. You can see this in the screencap of the chrome dev console you posted.
Just start your raw body in rest console with criteria= and make sure the json has been url-encoded. That should do it.
No authentication is needed because none is passed through the headers in your screencap. Any cookies you have when you load the page normally will also be loaded through rest console, so you don't need to worry about explicitly setting them.
Reading your problems I'll make an educated guess:
zoominfo does not provide an RESTful API.
Rest-Console understands and uses HTTP Authentication, which is different from the authentication handler zoominfo implemented.
A possible way to work around may be:
Make a call to the login-page via rest console. you'll get back cookies and a lot more.
In subsequent requests to zoominfo be sure to include those cookies (likely holding some session information) in your request, therefore acting like a browser.

Flex navigateToURL method not working

I used navigateToURL method to navigate to aspx web page. I used url request as Post method but when i check this in the webpage the http method turned to Get method. Any one please help. I loaded the Flex page into the windows application
This is most likely due to a security restruction. If you are executing navigateToURL from an AIR app, the POST will be treated as a GET. Please see the security notes at http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/net/package.html#navigateToURL()
Make sure your URLRequest object has URLVariables attached to it (even if the the variables are empty). If you have no data then the player will convert the POST to GET. This is normal, expected behavior.
http://mate.asfusion.com/forums/topic.php?id=70