Adobe Flash Player 10.3  -  Bug 2926796

Created on Monday, July 25, 2011

Login for more options

Title

[Platform_Windows][JIRA FP-78] Networking stack problem: HTTP Headers not inherited in filereference.upload from flash movie running in browser

Description

Steps to reproduce: This is hard to explain.

1. I use Tomcat with realm auhentication (based on cookies)
2. I use URLLoader to get some XML data with Struts Action handlers
it is usual to set headers to disable cache in the browser like this:
response.setHeader("Cache-Control","no-store"); // for HTTP1.1
response.setHeader("Pragma","no-cache"); // for HTTP 1.0
response.setDateHeader ("Expires", 0); // for proxy

3. I use FileReference to upload a file

Actual Results:
- when Tomcat set "Pragma: no-cache" on url used by URLLoader, FileReference won't work when I upload a file
- When I force to an empy string: "Pragma: ", FileRerence work !
note: I created a J2EE filter to set the header like this:

response.setHeader("Cache-Control","no-store"); // I must use this to prevent response caching in HTTP 1.1
response.setDateHeader ("Expires", 0); // for proxy
response.setHeader("Pragma","");

Original JIRA report link: http://bugs.adobe.com/jira/browse/FP-78 [120 votes]

Expected Results:
FileReference should work even "Pragma: no-cache" is set on the server.

Workaround (if any):
Here are some workarounds that we have collected from previous discussions, that you can try (I also provided sample code as attachment)
1. From Ed Chipman: Best ways I've found to get around this with PHP is either ask the server for the session id before uploading, or pull it from the browser using ExternalInterface. Then just pass it along in a query string and in your handler call session_id(whatever your query string variable is) before starting the session. Oh and don't regenerate the session id in the handler because it appears that FileReference.upload() does not update the browser's cookies either.
2. From jaume Mussons Abad: There's a workaround if you want to upload files, but with this method you won't be able to show the upload progress:
1 - open the file with filereference
2 - get the file data into a bytearray
3 - encode the bytearray with base 64 encoder
4 - send the file via a post variable to your server

I attached the workaround test files and I hope this helps.



Note:
When FileReference fail on "error #2038", the Server is never reach by the Flash player.
..

Test Configuration

App Language(s) English
OS Language(s) English
Platform(s) Mac All, Win All
Browser(s)

Notes (13)

  • Zhe Wang

    11:59:38 PM GMT+00:00 Nov 5, 2012

    closed

  • Hitomi Kudo

    4:27:22 PM GMT+00:00 Apr 17, 2012

    Sorry for keep you waiting for LONG time. We know this is #1 request by Flash developers but couldn't squeeze in this fix yet because it's very sensitive area plus it require careful integration per browser. We tried fixing internally and failed, caused sever side effect, while ago. Please keep us posted how important this fix is and I keep forwarding your voice to the project team.

  • matteosistisette

    1:54:48 AM GMT+00:00 Mar 10, 2012

    When you say it is "fixed in Windows" I guess you mean it is fixed in Internet Explorer, because it is NOT FIXED in Firefox nor Chrome for Windows.

    A bug is either completely fixed or it is not fixed. There's no "not finally fixed".

  • Xia Rao

    3:27:59 AM GMT+00:00 Jan 18, 2012

    Here are some workarounds that we have collected from previous discussions, that you can try (I also provided sample code as attachment)
    1. From Ed Chipman: Best ways I've found to get around this with PHP is either ask the server for the session id before uploading, or pull it from the browser using ExternalInterface. Then just pass it along in a query string and in your handler call session_id(whatever your query string variable is) before starting the session. Oh and don't regenerate the session id in the handler because it appears that FileReference.upload() does not update the browser's cookies either.
    2. From jaume Mussons Abad: There's a workaround if you want to upload files, but with this method you won't be able to show the upload progress:
    1 - open the file with filereference
    2 - get the file data into a bytearray
    3 - encode the bytearray with base 64 encoder
    4 - send the file via a post variable to your server

    I attached the workaround test files and I hope this helps.

    Thanks a lot.

  • fazdevils

    1:30:33 PM GMT+00:00 Oct 25, 2011

    I'm also experiencing this issue where file upload fails. We require a security cookie which is not being passed on the request. I'm running chrome and version 11,0,1,152 of the Flash player.

    In IE, this works.

    This is a real deal breaker for my company. We and 20+ Flex developers are seriously contemplating a move to AJAX. How can you have an enterprise level RIA without an ability to upload content to a server? Unbelievable! The people at my company who made the call to use the Flex solution are under serious fire because of the investments we've made in tooling and training only to discover this fatal flaw in the heart of the system.

    Is there no workaround?

  • Xia Rao

    10:15:13 PM GMT+00:00 Sep 21, 2011

    Hi all,
    I was added wrong link in JIRA bug FP-201 which causes unexpected votes traffic to this bug, which is "“the session cookie doesn't get added to the upload request" . The latest status of this issue is that we had fix on Windows, but Firefox on Mac still has issue. I will keep this issue as ToTrack till we have a completed fix.

    Another issue that I just mentioned was originally reported in JIRA FP-201, "HTTPS FileReference upload issue here" , I have created another bug in this bug base for tracking.
    https://bugbase.adobe.com/index.cfm?event=bug&id=2980517
    I also manually copied some votes info for this issue to 2980517 as well.

    We understand the importance for these issues and inconvenience that may bring to you. I will keep you updated with our progress for these issues.

  • Xia Rao

    3:27:45 AM GMT+00:00 Aug 12, 2011

    Hi,
    Thanks for reporting to Adobe. We are investigating this issue as high priority and We will give response for this problem ASAP.

  • ender121

    11:36:05 AM GMT+00:00 Aug 5, 2011

    Just tried it on Firefox 3.6.3 on Windows using the beta from

    http://labs.adobe.com/technologies/flashplatformruntimes/

    (version 11.0.1.60)

    FileReference.upload() did not work.

    Using Internet Explorer 8.0.6001.18702 on Windows with Flash 10.1.85.3 it works fine.

    This is the same behavior that I have seen for the last 2+ years. In all this time, I have told my customers to use IE when they need to upload a file and that Adobe is working on fixing the problem for Firefox. I'd just about given up on this ever being fixed when I saw this on Jira:

    Qingyan zhu
    Good news, we just fixed the bug. This should see the light in the next major Flash Player release.

    I couldn't believe it! They finally fixed it! Yay!

    Oh well, I guess not. What a joke.

  • xia rao

    5:05:29 AM GMT+00:00 Jul 28, 2011

    Hi Wimpie,
    Can you try with Flash Player 11 beta release?
    You can download it from here:
    http://labs.adobe.com/technologies/flashplatformruntimes/

    Thanks a lot,
    Xia

  • Wimpie

    4:18:59 AM GMT+00:00 Jul 28, 2011

    Fixed? No, this is not fixed at all. Tried it with Chrome on XP, and the upload is still missing the headers.

  • Wimpie

    4:10:26 AM GMT+00:00 Jul 28, 2011

    Fixed? No, this is not fixed at all. Tried it with Chrome on XP, and the upload is still missing the headers.

  • xia rao

    11:06:53 PM GMT+00:00 Jul 26, 2011

    This bug has been fixed with Windows and Mac/Safari, but not fixed with Mac/Firefox5 in next Flash Player release. So it can be called "not finally fixed".

  • ChivertonT

    11:09:42 AM GMT+00:00 Jul 26, 2011

    On the original Jira bug we had :

    Thibault Imbert
    We are finishing this right now and it should see the light in the next major release.

    Qingyan zhu
    Good news, we just fixed the bug. This should see the light in the next major Flash Player release.

    xia rao
    Thanks for your reporting. Unfortunately we couldn't fix this bug for near future release.

    So, is this fixed or not ? How many other bugs I might not be subscribed to have had their status incorrectly copied ?

Duplicate ID
Reported By Xia Rao

Status

State Closed
Status Withdrawn
Reason

Importance

Priority 3-High
Frequency Some users will encounter
Failure Type Incorrectly Functioning
Product Area Browser Integration

Build

Found In Build 10.3.181.34
Fixed In Build

Attachments (1)

Votes (39)

  • csports88

    1:00:15 PM GMT+00:00 Nov 14, 2012

    Why was this closed without a fix? This bug is impacting our product.

  • mikko.torniainen

    5:31:24 AM GMT+00:00 Nov 8, 2012

    Please fix. This is very important.

  • Martin Grimm

    6:56:31 AM GMT+00:00 Jul 2, 2012

    Attachment functionality in LiveCycle Workspace (as included with LiveCycle Process Management) only working in IE on a secure channel is very hard to sell to our customers in banking and insurance and other areas with security issues. Please fix and/or implement a workaround in LiveCycle Workspace.

  • jove_shi

    8:13:56 PM GMT+00:00 Jun 7, 2012

    This is a pretty long history bug, please fix!

  • netphreak

    10:21:54 AM GMT+00:00 Apr 1, 2012

    Come on, lots of developers need a fix for this!!!!

  • matteosistisette

    1:51:53 AM GMT+00:00 Mar 10, 2012

    Known since 2008, breaks practically any application using upload, and this is STILL THERE. F***ing unbelievable.

  • Visik7

    12:36:22 PM GMT+00:00 Feb 2, 2012

    this Bug is still alive since 04/10/08 (old bug track) and still no fix
    This is an absurdity. Is for this and other idiotic flash bugs that This platform will die

  • dafox_82_

    8:03:20 AM GMT+00:00 Jan 10, 2012

    This issue is an issue when trying to use flash when uploading documents with SSO authentication

  • djnokturnal

    9:22:26 AM GMT+00:00 Dec 22, 2011

    I am blown away this bug still remains... why has this not been solved?

  • Mitek17

    10:00:07 AM GMT+00:00 Nov 10, 2011

    Impossible to upload files during the secure session

  • waldmanm

    2:24:57 PM GMT+00:00 Oct 27, 2011

    I'm providing a subscription service and a customer just caught me off guard that they cannot upload files using Firefox. Waiting over 3 years for a fix for this crucial omission is unacceptable.
    At least post here suggestion or pointers to some workarounds.

  • fazdevils

    1:32:59 PM GMT+00:00 Oct 25, 2011

    This is a real deal breaker for my company. We have 20+ Flex developers and are seriously contemplating a move to AJAX. How can you have an enterprise level RIA without an ability to upload content to a server? Unbelievable! The people at my company who made the call to use the Flex solution are under serious fire because of the investments we've made in tooling and training only to discover this fatal flaw in the heart of the system.

  • AlecUnfug

    5:46:40 PM GMT+00:00 Oct 14, 2011

    Honestly. Adobe GET A CLUE. Its bugs like this that are causing developers to believe that Flash is just a toy.

  • ah hoi

    1:26:53 AM GMT+00:00 Oct 8, 2011

    Failure type of this bug should be "Security Issue" and priority should be "5-ASAP-Build/Ship Stopper".

  • Matthew Couch

    1:48:19 PM GMT+00:00 Sep 29, 2011

    Flash isn't cross-browser compatible if this feature only works via Javascript hacks

  • kohjr84

    4:48:05 AM GMT+00:00 Sep 8, 2011

    Any resolution till date?

  • lmeunier-atolcd

    3:36:45 AM GMT+00:00 Aug 30, 2011

    I want to be able to use flash in alfresco share for file upload. Thanks

  • praksant

    9:38:33 AM GMT+00:00 Aug 25, 2011

    I can't believe it still isn't fixed. You made so many unnecessary features, but don't care about really critical issues. I feel i wasted last 3 years developing for this immature platform.

  • ender121

    11:18:19 AM GMT+00:00 Aug 5, 2011

    This is core functionality which is completely broken on browsers that cover a huge segment of users. I'd say that makes it pretty important.

  • stu000

    10:51:10 AM GMT+00:00 Aug 3, 2011

    It is ridiculous that 2.5 years after this bug was reported, Adobe have STILL not resolved the issue. It's not like this is a cosmetic issue - In Firefox, Flash sends IE cookies when uploading a file?! That is a security issue and should have received a much higher priority. Adobe, with this kind of support you aren't exactly winning hearts and minds.

  • skyfredox

    2:33:13 PM GMT+00:00 Aug 2, 2011

    I want to be able to use flash in alfresco share for file upload. Thanks

  • ibrahim.chahid

    7:50:17 AM GMT+00:00 Aug 2, 2011

    It's a huge problem ! We develop a webapplication for 3 years, and this fixe will allow us to remove dirties workaround !

  • chemonesg

    11:16:09 PM GMT+00:00 Jul 31, 2011

    need this to solve for the Alfresco CMS

  • aikrez

    11:22:02 PM GMT+00:00 Jul 28, 2011

    Causes problems using the flash uploader in Alfresco with sso.

  • Aaron Kelley

    7:45:11 PM GMT+00:00 Jul 27, 2011

    Running into this issue with a web application that I'm working on. A long-standing issue that I'd love to see fixed.

  • Condo2d

    2:51:05 PM GMT+00:00 Jul 27, 2011

    This bug prevents me from using Flash Uploader in any corporate environment that uses web based SSO type authentication, such as mine. This is having a huge impact on the roll out of an application that utilizes your technology. Developers expect behavior consistent with standard practices when selecting tools to utilize. To have a bug of this character and magnitude active in the product casts a shadow on the quality of the company and puts organizations in a lurch by catching them by surprise.

  • rjaffeist

    12:12:48 PM GMT+00:00 Jul 26, 2011

    +1 to ucbian regarding our campus's Alfresco-based service

  • Hamilton, Scott J

    6:41:50 AM GMT+00:00 Jul 26, 2011

    This seems to be the catch-all bug for headers and cookies not being sent along with the FF HTTPS file upload request.

    This is MASSIVELY impacting folks... how can you claim to have a secure web site that allows file upload when your file upload process won't send through session IDs, SSO cookies/headers, load balancing cookies/headers, etc?

  • droopy6

    5:23:55 AM GMT+00:00 Jul 26, 2011

    Well, Flex is used for Professional RIA, and Professional RIA use file upload with authentification based on cookies. So this is a MAJOR issue of course. I know
    some guys who would reject Flex only for this kind of bug.

  • hex07ff

    5:22:59 AM GMT+00:00 Jul 26, 2011

    This is very important as it affects upload security and scalability.

  • UCBIan

    4:39:07 AM GMT+00:00 Jul 26, 2011

    As it affects security in our Alfresco instance, we're very interested in getting ths fixed ASAP...

  • david.ward

    2:31:00 AM GMT+00:00 Jul 26, 2011

    When you cut over from http://bugs.adobe.com/jira/browse/FP-1044 you seem to have lost record of the severity and impact of this bug. The point is cookies are not propagated by Flash (never mind the SSL session) and thus it doesn't play by the rules of other web plugins and can't participate in the browser's session.

    At Alfresco, we have been waiting for you to fix this bug for over two years. See
    http://issues.alfresco.com/jira/browse/ALF-1078 and bugs related to it. Because of this we may have to reconsider our use of Flash technology and as it is we have to disable it on some web servers. I will be urging all readers to vote on this bug. Come on guys, wake up!

  • Wimpie

    1:42:37 AM GMT+00:00 Jul 26, 2011

    VERY important bug. This should have been fixed years ago.

  • JaumeMussons

    12:36:45 AM GMT+00:00 Jul 26, 2011

    the bug is increibly big, you should have fixed it yesterday

  • lfbayer

    11:10:49 PM GMT+00:00 Jul 25, 2011

    This bug requires me to have a javascript hack just to perform uploads in my app.

  • chris54321

    12:38:17 AM GMT+00:00 Jul 25, 2011

    it is not important, since we change technology
    here that since 2008

  • stoem

    12:35:53 AM GMT+00:00 Jul 25, 2011

    I don't understand this new system. This bug already had 80 watchers and 120 votes... Requiring us all to vote and explain ourselves here once more gives me the impression that Adobe has us running around in circles. Very frustrating.

  • ChivertonT

    12:31:56 AM GMT+00:00 Jul 25, 2011

    Vote must be between 25 and 4000 characters

  • Konstantin Kovalev

    12:31:25 AM GMT+00:00 Jul 25, 2011

    Very very very very very very very very very very (is here 25 symbols? I think yes) important.

Your session has expired! Click to login
Current form data will be preserved

Cancel