I'm trying to communicate my flash application with my server. Either the problem is my code is working on Flash Professional, but I have prepared all my interface on Flash Builder which uses Flex 4 -SDK. My code does not work on Flex Project.
The problem is not security file. I can not solve the problem. What are the possible reasons?
Kind Regards.
If necessary my code is below [working on FlashPro but not on Flex ! ]
import flash.net.*;
import flash.events.Event;var host:String = new String("127.0.0.1");
var port:int = 8080;
var securityFile:String = "http://localhost:1755/.../..../s....xml";
var bagli:Boolean = false;
var socket:Socket = null;
var veri:String = new String("----");
btnGonder.addEventListener(MouseEvent.MOUSE_DOWN, tiklantiEvent);
function buildSocket():void
{
trace("beginning....");
socket = new Socket();
socket.addEventListener(Event.CONNECT, onConnect);
socket.addEventListener(Event.CLOSE, onClose);
socket.addEventListener(ErrorEvent.ERROR, onError);
socket.addEventListener(IOErrorEvent.IO_ERROR, onIOError);
socket.addEventListener(ProgressEvent.SOCKET_DATA, onResponse);
Security.allowDomain(host);
Security.loadPolicyFile(securityFile);
try {
socket.connect(host, port);
bagli = true;
trace("--- connection...");
} catch (error:Error) {
trace("--- connection failed...");
socket.close();
}
}
function send(string:String):void {
socket.writeUTFBytes(string);
socket.flush();
}
function onConnect(event:Event):void {
trace("connect");
}
function onClose(event:Event):void {
trace("closed");
}
function onError(event:IOErrorEvent):void {
trace("connection erron");
}
function onIOError(event:IOErrorEvent):void {
trace("data error");
}
function onResponse(event:ProgressEvent):void {
var string:String = socket.readUTFBytes(socket.bytesAvailable);
trace(string);
}
function (sender:Event):void {
trace("clicked button....");
buildSocket();
trace("------------------");
}
You are trying to authorize a socket connection by using a content-type policy file. You should use socket policy file instead. Policy file syntax is the same as far as I remember, but the url should begin with xmlsocket:// instead of http://. This file should not be served through http.
Furthermore, the host's domain and the domain from the policy file address should be exactly the same. Given that your host is specified as 127.0.0.1, change the policy file url to
xmlsocket://127.0.0.1:1755
For more details see Adobe's guidelines for policy files.
Related
I've a Cloudflare Worker that acts as a proxy for my application. I need this because Cloudflare blocks external requests using curl, or any HTTP request lib. So inside of the Cloudflare network, I'm able to bypass Cloudflare validation for the http://icanhazip.com/.
The problem is, when I configure Cloudflare worker as a proxy and use it in my requests lib Python code, the page gets its real content, but the IP that is showing up by the http://icanhazip.com/ is the Cloudflare worker IP, no my own.
I know that Cloudflare uses CF-Connecting-IP for passing my IP, and when I check in the Worker, my IP is there, but, the page not gets the correct IP.
I've tried X-Forwarded-For, X-Real-IP, True-Client-IP, and other headers to try pass the correct IP.
The problem is, when the proxy is done, I need to use in a real application scenario, when workers will be the proxies for changing authentication, but the applications are from third-party companies, so I've no control over then to pass a custom header with the IP.
Anyone has a idea, how to forward the real user ip, or this is not possible, I've seen the Cloudflare Spectrum, but I don't know, if it fits to my problem.
This is my Worker Code.
const OLD_URL = ".server.com"
const NEW_URL = ".proxied.com"
class AttributeRewriter {
constructor(attributeName) {
this.attributeName = attributeName
}
element(element) {
const attribute = element.getAttribute(this.attributeName)
if (attribute) {
element.setAttribute(
this.attributeName,
attribute.replace(OLD_URL, NEW_URL),
)
}
}
}
const rewriter = new HTMLRewriter()
.on("a", new AttributeRewriter("href"))
.on("img", new AttributeRewriter("src"))
.on("link", new AttributeRewriter("href"))
.on("object", new AttributeRewriter("src"))
async function forwardReq(request) {
try{
let newHdrs = new Headers()
for (const [key, value] of request.headers) {
/*if (key.toLowerCase().startsWith('cf-')) {
continue;
}*/
if (key.toLowerCase() == 'x-forwarded-for') {
continue;
}
if (key.toLowerCase() == 'x-real-ip') {
continue;
}
if (key.toLowerCase() == 'content-security-policy') {
continue;
}
newHdrs.set(key, value)
}
newHdrs.set('Host', request.url.replace(OLD_URL, NEW_URL))
newHdrs.set('X-Real-IP', request.headers.get('CF-Connecting-IP'))
newHdrs.set('X-Fowarded-For', request.headers.get('CF-Connecting-IP'))
newHdrs.set('True-Client-IP', request.headers.get('CF-Connecting-IP'))
newHdrs.set('Remote-Addr', request.headers.get('CF-Connecting-IP'))
newHdrs.set('X-ProxyUser-Ip', request.headers.get('CF-Connecting-IP'))
newHdrs.set('Via', request.headers.get('CF-Connecting-IP'))
let address = ''
const url = new URL(request.url)
address = request.url.replace(NEW_URL, OLD_URL)
const init = {
headers: newHdrs,
method: request.method
}
if (request.method == 'POST') {
init.body = await request.arrayBuffer()
init.method = 'CONNECT'
}
else {
init.body = request.body
}
let response = await fetch (address, init);
let html = await response.text()
html = html.replace(/\.coinbase.com/g, NEW_URL)
/*return new Response(JSON.stringify([...response.headers]), {
headers: response.headers
})*/
let newResponse = new Response(html, {
headers: response.headers
})
if (newResponse.headers.get('Referer')) {
newResponse.headers.set('Referer', newResponse.headers.get('Referer').replace(request.url.hostname, 'www.coinbase.com'))
}
if (newResponse.headers.get('Location')) {
newResponse.headers.set('Location', newResponse.headers.get('Location').replace(request.url.hostname, 'www.coinbase.com'))
}
newResponse.headers.set('Access-Control-Allow-Origin', '*')
newResponse.headers.delete('Content-Security-Policy')
return newResponse
}
catch (e) {
return new Response(e.message)
}
}
addEventListener('fetch', event => {
event.respondWith(forwardReq(event.request))
})
Not a JS expert so to me, your code seems a bit complex for what you're trying to achieve. We also have a similar requirement to parse the real user IP to our application because of the application logic that depends on it, and when moving to CF we've hit the same wall.
However CF-Connecting-IP worked just fine in our case. We first check if X-Forwarded-For exists and if not define a variable with Cf-Connecting-IP.
async function setRealIP(request)
{
var ip=""
// Get the X-Forwarded-For header if it exists
ip = request.headers.get("X-Forwarded-For")
if (!ip) {
//console.log("X-Forwarded-For was null")
ip = request.headers.get("Cf-Connecting-Ip")
//console.log("Getting IP from CF-Connecting-IP:"+ip)
}
// Add Real IP to header
request = new Request(request)
request.headers.set('True-Client-IP', ip)
return request
}
To make things cleaner, we've just put it in a function called setRealIP() and the forwardReq() would just be like this:
async function forwardReq(request) {
request = await setRealIP(request)
//add redirect logic here
}
Also for the rewrite, try to see if the out of the box feature Cloudflare Transform Rules can help.
I have a Cefsharp application which has Html pages with Javascript. Js makes API calls which happens fine if I open cef application in windows but most of API calls are not happening when I am opening same cef application through testcompelete.
On debugging application I am getting CORS warning.
I am using CefCustomScheme which has root folder path, schemeName and host name specified. And provided same shemeName and host name in Address in wpf: chromiumwebrowse tag. If I hard-code root folder path in Address Source binding, its working fine even in testcomplete.
private static CefCustomScheme GetAlmanacScheme(IAppSettings appSettings)
{
try
{
var almanacFolder = appSettings.Settings["ALMANAC_WIDGET_PATH"];
if (string.IsNullOrWhiteSpace(almanacFolder))
{
almanacFolder = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles), "Thermo", "InstConnectAgent", "AlmanacWidget");
}
var factory = new FolderSchemeHandlerFactory(almanacFolder, "thermo", "almanac");
return new CefCustomScheme() { SchemeName = "thermo", SchemeHandlerFactory = factory, IsCorsEnabled = true };
}
catch
{
return null;
}
}
and Source is
private const string WidgetUrl = "thermo://almanac";
public string Source
{
get
{
return WidgetUrl;
}
}
I have a OpenShift Wildfly server. I am building a website with the Spring MVC framework. One of my webpages also uses a WebSocket connection. On the server side, I have used the #ServerEndpoint annotation and javax.websocket.* library to create my websocket:
package com.myapp.spring.web.controller;
import java.io.IOException;
import javax.websocket.OnClose;
import javax.websocket.OnError;
import javax.websocket.OnMessage;
import javax.websocket.OnOpen;
import javax.websocket.Session;
import javax.websocket.server.ServerEndpoint;
import org.springframework.web.socket.server.standard.SpringConfigurator;
#ServerEndpoint(value="/serverendpoint", configurator = SpringConfigurator.class)
public class serverendpoint {
#OnOpen
public void handleOpen () {
System.out.println("JAVA: Client is now connected...");
}
#OnMessage
public String handleMessage (Session session, String message) throws IOException {
if (message.equals("ping")) {
// return "pong"
session.getBasicRemote().sendText("pong");
}
else if (message.equals("close")) {
handleClose();
return null;
}
System.out.println("JAVA: Received from client: "+ message);
MyClass mc = new MyClass(message);
String res = mc.action();
session.getBasicRemote().sendText(res);
return res;
}
#OnClose
public void handleClose() {
System.out.println("JAVA: Client is now disconnected...");
}
#OnError
public void handleError (Throwable t) {
t.printStackTrace();
}
}
OpenShift gives a default URL, so all of my webpages (html files) have the common (canonical) hostname. For the sake of simplicity, I am calling this URL URL A (projectname-domainname.rhclound.com). I created an alias, CNAME, of URL A, which is called URL B (say https://www.mywebsite.tech). URL B is secure, as it has the https.
I am using a JavaScript client to connect to the WebSocket at the path /serverendpoint. The URI I am using in my html webpage file, test.html, is the following:
var wsUri = "wss://" + "projectname-domainname.rhclound.com" + ":8443" + "/serverendpoint";
When I open up URL A (projectname-domainname.rhclound.com/test), the WebSocket connects and everything works fine. However, when I try to connect to the websocket using URL B (https://mywebsite.tech/test), the JavaScript client immediately connects and disconnects.
Here is the message from the console that I receive:
Here is my JavaScript code that connects to the WebSocket:
/****** BEGIN WEBSOCKET ******/
var connectedToWebSocket = false;
var responseMessage = '';
var webSocket = null;
function initWS() {
connectedToWebSocket = false;
var wsUri = "wss://" + "projectname-domainname.rhcloud.com" + ":8443" + "/serverendpoint";
webSocket = new WebSocket(wsUri); // Create a new instance of WebSocket using usUri
webSocket.onopen = function(message) {
processOpen(message);
};
webSocket.onmessage = function(message) {
responseMessage = message.data;
if (responseMessage !== "pong") { // Ping-pong messages to keep a persistent connection between server and client
processResponse(responseMessage);
}
return false;
};
webSocket.onclose = function(message) {
processClose(message);
};
webSocket.onerror = function(message) {
processError(message);
};
console.log("Exiting initWS()");
}
initWS(); //Connect to websocket
function processOpen(message) {
connectedToWebSocket = true;
console.log("JS: Server Connected..."+message);
}
function sendMessage(toServer) { // Send message to server
if (toServer != "close") {
webSocket.send(toServer);
} else {
webSocket.close();
}
}
function processClose(message) {
connectedToWebSocket = false;
console.log("JS: Client disconnected..."+message);
}
function processError(message) {
userInfo("An error occurred. Please contact for assistance", true, true);
}
setInterval(function() {
if (connectedToWebSocket) {
webSocket.send("ping");
}
}, 4000); // Send ping-pong message to server
/****** END WEBSOCKET ******/
After a lot of debugging and trying various things, I concluded that this was problem was occurring because of the Spring Framework. This is because before I introduced the Spring Framework in my project, URL B could connect to the WebSocket, but after introducing Spring, it cannot.
I read on spring's website about WebSocket Policy. I came across their same origin policy which states that an alias, URL B, cannot connect to the WebSocket because it is not the same origin as URL A is. To solve this problem I disabled the same origin policy with WebSockets as said in the documentation, so I added the following code. I thought that doing so would fix my error. Here is what I added:
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer;
#Configuration
public class WebSocketSecurityConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {
#Override
protected boolean sameOriginDisabled() {
return true;
}
}
However, this did not fix the problem, so I added the following method to my ApplicationConfig which extends WebMvcConfigurerAdapter:
#Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedOrigins("https://www.mywebsite.com");
}
This also didn't work either. Then I tried this:
package com.myapp.spring.security.config;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
#Configuration
public class MyCorsFilter {
// #Bean
// public FilterRegistrationBean corsFilter() {
// System.out.println("Filchain");
// UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
// CorsConfiguration config = new CorsConfiguration();
// config.setAllowCredentials(true);
// config.addAllowedOrigin("https://www.mymt.tech");
// config.addAllowedHeader("*");
// config.addAllowedMethod("*");
// source.registerCorsConfiguration("/**", config);
// FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
// bean.setOrder(0);
// System.out.println("Filchain");
// return bean;
// }
#Bean
public CorsFilter corsFilter() {
System.out.println("Filchain");
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true); // you USUALLY want this
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("*");
config.addAllowedMethod("*");
source.registerCorsConfiguration("/**", config);
System.out.println("Filchain");
return new CorsFilter(source);
}
}
This also did not work.
I even changed the var wsURI in the JS code to the following:
var wsUri = "wss://" + "www.mywebsite.com" + ":8443" + "/serverendpoint";
Then var wsUri = "wss://" + "mywebsite.com" + ":8443" + "/serverendpoint";
When I did this, the Google Chrome gave me an error, saying that the handshake failed. However, when I have this URL, var wsUri = "wss://" + "projectname-domianname.rhcloud.com" + ":8443" + "/serverendpoint";, I did not get the error that the handshake didn't occur, but I get a message that the connection opened and closed immediately (as seen above).
So how can I fix this?
Have you tried implementing the WebMvcConfigurer and overriding the method addCorsMappings()? If not try this and see.
#EnableWebMvc
#Configuration
#ComponentScan
public class WebConfig implements WebMvcConfigurer {
#Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins("*")
.allowedMethods("GET", "POST")
.allowedHeaders("Origin", "Accept", "Content-Type", "Authorization")
.allowCredentials(true)
.maxAge(3600);
}
}
I don't think it's a CORS issue because it's connected successully before being disconnected. If that's CORS, you can't even connect.
I think it's a communication problem between your DNS & openshift because WebSocket need a persistent connection (long-live) which keeps opening between client & server. If your DNS (e.g. CloudFlare or something like that) does not support / not configured to use WebSocket, the client would be disconnected immediately as in your issue.
I'm trying to access the Azure Elastic Scale Split/Merge tool from an ASP.NET application. I can open the page in my browser after I use the certificate that I uploaded on Azure. But when I try to connect to the page in ASP.NET I keep getting 500 Internal Server Error, even though I used the certificate in my request.
Is there something wrong with the code below? Have I been forgetting something?
var handler = new WebRequestHandler();
handler.ServerCertificateValidationCallback = delegate { return true; };
handler.ClientCertificateOptions = ClientCertificateOption.Manual;
handler.ClientCertificates.Add(Cert); //Cert is the X509Certificate2 I use
using (var client = new HttpClient(handler))
{
try
{
var response = await client.GetAsync(Endpoint); //Endpoint = https://foobar.cloudapp.net/
if (response.IsSuccessStatusCode)
{
var a = response.Content.ReadAsStringAsync();
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
throw;
}
}
Found where I went wrong. When creating the Certificate I was using the .cer file, but it works now with the .pfx file
I'm working with a programmatically configurated WCF Client (System.ServiceModel.ClientBase). This WCF Client is configured using a CustomBinding, which has a TextMessageEncodingBindingElement by default.
Now when I try to switch to Mtom encoding, I change the Client's Endpoint.Binding property, which works fine. The Endpoint.Binding property show's it has changed.
Unfortunately when I execute one of the methods the WCF service exposes, it still uses TextMessageEncoding and I can't figure out why.
I've got it working though, by constructing a new ClientBase and passing the new EndPointBinding in the constructor:
socialProxy = new SocialProxyClient(SocialProxyClientSettings.SocialProxyMTomEndPointBinding, new EndpointAddress(SocialProxyClientSettings.SocialProxyEndPointAddress));
But when I try this it doesn't work:
socialProxy.Endpoint.Binding = SocialProxyClientSettings.SocialProxyMTomEndPointBinding;
These are my definitions for the EndPointBindings:
public static TextMessageEncodingBindingElement TextMessageEncodingBindingElement
{
get
{
if (_textMessageEncodingBindingElement == null)
{
_textMessageEncodingBindingElement = new TextMessageEncodingBindingElement() { MessageVersion = MessageVersion.Soap11 };
_textMessageEncodingBindingElement.ReaderQuotas = new System.Xml.XmlDictionaryReaderQuotas()
{
MaxDepth = 32,
MaxStringContentLength = 5242880,
MaxArrayLength = 204800000,
MaxBytesPerRead = 5242880,
MaxNameTableCharCount = 5242880
};
}
return _textMessageEncodingBindingElement;
}
}
public static MtomMessageEncodingBindingElement MtomMessageEncodingBindingElement
{
get
{
if (_mtomMessageEncodingBindingElement == null)
{
_mtomMessageEncodingBindingElement = new MtomMessageEncodingBindingElement();
_mtomMessageEncodingBindingElement.MaxReadPoolSize = TextMessageEncodingBindingElement.MaxReadPoolSize;
_mtomMessageEncodingBindingElement.MaxWritePoolSize = TextMessageEncodingBindingElement.MaxWritePoolSize;
_mtomMessageEncodingBindingElement.MessageVersion = TextMessageEncodingBindingElement.MessageVersion;
_mtomMessageEncodingBindingElement.ReaderQuotas.MaxDepth = TextMessageEncodingBindingElement.ReaderQuotas.MaxDepth;
_mtomMessageEncodingBindingElement.ReaderQuotas.MaxStringContentLength = TextMessageEncodingBindingElement.ReaderQuotas.MaxStringContentLength;
_mtomMessageEncodingBindingElement.ReaderQuotas.MaxArrayLength = TextMessageEncodingBindingElement.ReaderQuotas.MaxArrayLength;
_mtomMessageEncodingBindingElement.ReaderQuotas.MaxBytesPerRead = TextMessageEncodingBindingElement.ReaderQuotas.MaxBytesPerRead;
_mtomMessageEncodingBindingElement.ReaderQuotas.MaxNameTableCharCount = TextMessageEncodingBindingElement.ReaderQuotas.MaxNameTableCharCount;
}
return _mtomMessageEncodingBindingElement;
}
}
Can someone explain why changing the Endpoint.Binding programmatically doesn't work?
I believe that during construction of the ClientBase, the original Binding is used to create some helper objects. Changing the binding later does not change those helper objects.
To make any adjustments after construction, you likely need a custom Binding Behavior that you can tweak the internals of the Binding as you need. Use that in the construction so all helper objects are prepared for your later changes. As usual, all you want is one simple behavior change, but you will need to also write the ancillary helper classes to support your one behavior change.
See the SO thread: ONVIF Authentication in .NET 4.0 with Visual Studio 2010
For a discussion of CustomBinding issues.
See the blog post: Supporting the WS-I Basic Profile Password Digest in a WCF Client Proxy
For an example of a custom Behavior that lets you change the Username Token on the fly.
Perhaps something similar can be done to let you control the local endpoint binding on the fly.
UPDATE: More reading here in StackOverflow, and pages it links to and I believe i have found the answer you are looking for.
For PasswordDigestBehavior:
see: ONVIF Authentication in .NET 4.0 with Visual Studios 2010
and: http://benpowell.org/supporting-the-ws-i-basic-profile-password-digest-in-a-wcf-client-proxy/
For local NIC binding:
see: Specify the outgoing IP address to use with WCF client
// ASSUMPTIONS:
// 1: DeviceClient is generated by svcutil from your WSDL.
// 1.1: DeviceClient is derived from
// System.ServiceModel.ClientBase<Your.Wsdl.Device>
// 2: serviceAddress is the Uri provided for your service.
//
private static DeviceClient CreateDeviceClient(IPAddress nicAddress,
Uri serviceAddress,
String username,
String password)
{
if (null == serviceAddress)
throw new ArgumentNullException("serviceAddress");
//////////////////////////////////////////////////////////////////////////////
// I didn't know how to put a variable set of credentials into a static
// app.config file.
// But I found this article that talks about how to set up the right kind
// of binding on the fly.
// I also found the implementation of PasswordDigestBehavior to get it all to work.
//
// from: https://stackoverflow.com/questions/5638247/onvif-authentication-in-net-4-0-with-visual-studios-2010
// see: http://benpowell.org/supporting-the-ws-i-basic-profile-password-digest-in-a-wcf-client-proxy/
//
EndpointAddress serviceEndpointAddress = new EndpointAddress(serviceAddress);
HttpTransportBindingElement httpBinding = new HttpTransportBindingElement();
if (!String.IsNullOrEmpty(username))
{
httpBinding.AuthenticationScheme = AuthenticationSchemes.Digest;
}
else
{
httpBinding.AuthenticationScheme = AuthenticationSchemes.Anonymous;
}
var messageElement = new TextMessageEncodingBindingElement();
messageElement.MessageVersion =
MessageVersion.CreateVersion(EnvelopeVersion.Soap12, AddressingVersion.None);
CustomBinding bind = new CustomBinding(messageElement, httpBinding);
////////////////////////////////////////////////////////////////////////////////
// from: https://stackoverflow.com/questions/3249846/specify-the-outgoing-ip-address-to-use-with-wcf-client
// Adjust the serviceEndpointAddress to bind to the local NIC, if at all possible.
//
ServicePoint sPoint = ServicePointManager.FindServicePoint(serviceAddress);
sPoint.BindIPEndPointDelegate = delegate(
System.Net.ServicePoint servicePoint,
System.Net.IPEndPoint remoteEndPoint,
int retryCount)
{
// if we know our NIC local address, use it
//
if ((null != nicAddress)
&& (nicAddress.AddressFamily == remoteEndPoint.AddressFamily))
{
return new System.Net.IPEndPoint(nicAddress, 0);
}
else if (System.Net.Sockets.AddressFamily.InterNetworkV6 == remoteEndPoint.AddressFamily)
{
return new System.Net.IPEndPoint(System.Net.IPAddress.IPv6Any, 0);
}
else // if (System.Net.Sockets.AddressFamily.InterNetwork == remoteEndPoint.AddressFamily)
{
return new System.Net.IPEndPoint(System.Net.IPAddress.Any, 0);
}
};
/////////////////////////////////////////////////////////////////////////////
DeviceClient client = new DeviceClient(bind, serviceEndpointAddress);
// Add our custom behavior
// - this requires the Microsoft WSE 3.0 SDK file: Microsoft.Web.Services3.dll
//
PasswordDigestBehavior behavior = new PasswordDigestBehavior(username, password);
client.Endpoint.Behaviors.Add(behavior);
return client;
}