RE: Royale & Netbeans
Hi all,

many thanks for the hints to all of you, I will try one/both of those.

Regards,
Petr

-Original Message-
From: Piotr Zarzycki
Sent: Monday, September 14, 2020 5:47 PM
To: users@flex.apache.org
Subject: Re: Royale & Netbeans

Petr,

It would be just a theory from my sight. If you go with direction where your application is being built by script oriented build system which we support (Apache Maven or Apache Ant), then you can I believe open project as AS3/Flex one and build by Maven or Ant. Not sure if you get support from intellisense. ;)

However do recommend you what is being right now under heavy support Moonshine or VSCode.

Thanks,
Piotr

On Mon, 14 Sep 2020 at 17:00, Carlos Rovira wrote:

> Hi Petr,
>
> as Piotr says we didn't hear of anybody using Netbeans. I personally don't have experience with that IDE, and don't know how hard it could be to make it work. Maybe it could be complicated since in Flex days I didn't see anyone using it, so maybe could be the same for Royale.
> Anyway, if you see some way we'll be glad to hear about it.
> In case you don't succeed I think the better options are what Piotr already exposed.
>
> Thanks
>
> On Mon, 14 Sep 2020 at 16:40, Piotr Zarzycki (<piotrzarzyck...@gmail.com>) wrote:
>
> > Hi Petr,
> >
> > Unfortunately I haven't heard that anyone adopt Netbeans for Royale.
> > Why not try Moonshine or VSCode ?
> >
> > Thanks,
> > Piotr
> >
> > On Mon, 14 Sep 2020 at 16:38, Petr Nemecek wrote:
> >
> > > Hello,
> > >
> > > we're about to kick out a new project, Royale seems to be the way to go.
> > >
> > > Could we use the not-fancy-but-good-proven-hammer Netbeans, please?
> > >
> > > Many thanks,
> > > Petr
> >
> > --
> > Piotr Zarzycki
>
> --
> Carlos Rovira
> http://about.me/carlosrovira

--
Piotr Zarzycki
Royale & Netbeans
Hello, we're about to kick out a new project, Royale seems to be the way to go. Could we use the not-fancy-but-good-proven-hammer Netbeans, please? Many thanks, Petr
RE: [Discussion] Life after FlashPlayer
Hi Olaf,

there were two factors:

1) Confidence to Adobe like you mentioned, plus feeling, that Google/Apple do whatever they want, and even though the AIR might be very successful on mobile, they will find a way how to kick it out, if they will decide to do so. And when it is not on mobile, it is dead. Btw Adobe does not promote AIR at all, at least I cannot hear anything.

2) We have few CPU intensive parallel algorithms in our app (check rinkai dot cz), which are written in Java and being run on the server. When we started 15 years ago, there was just one slow CPU on a normal desktop, and we had to run it on the server. That has changed, it is common to have 4-8 cores on a desktop, which are faster than the ones on the server, so we will move the algorithm run onto the desktop client.

Regards,
Petr

-Original Message-
From: Olaf Krueger
Sent: Wednesday, May 2, 2018 10:18 AM
To: users@flex.apache.org
Subject: Re: [Discussion] Life after FlashPlayer

@Petr Nemecek
>We've decided to go to Java (back to roots)...

Hi Petr,

I just wonder why you don't just move to AIR? Is it "just" because you have lost all confidence in Adobe?

Thanks,
Olaf

--
Sent from: http://apache-flex-users.246.n4.nabble.com/
RE: Life after FlashPlayer, are you prepared?
Hi,

we'd love to stay in the browser, but the browser area is still wild west, all the technologies/frameworks available (we tried many) are not capable of doing what we need (and what works in Flex/FlashPlayer out of the box), or don't work properly, or rely on one dude, so we (unfortunately) decided to go out of the browser. As our customers are businesses, it hopefully will not be that painful.

We've already started migration, we need 2018+2019 for coding, and 2020 for switching the users. We've decided to go to Java (back to roots), as we believe, it will be alive in 10+ years. With all those fancy voids we are not sure about it, and our customers are not ready to pay for migrating the app every second year.

Regards,
Petr

-Original Message-
From: Olaf Krueger
Sent: Monday, April 30, 2018 9:26 PM
To: users@flex.apache.org
Subject: Life after FlashPlayer, are you prepared?

Hello from the Apache Royale (FlexJS) team,

even if Flex with AIR is still an awesome and outstanding technology, Flex in the browser ends with the end of FlashPlayer in 2020.

To be clear: There will be no way to run your Flex apps in current browser versions around 2020!

The Flex mailing lists are followed by a few hundred people and we assume that there are still a lot of Flex browser apps out there.

So, we are really interested in what you are planning to do with your Flex apps, e.g.

- Do you need to stick with the browser at all?
- Do you plan to migrate your Flex apps to whatever other technology?
- Did you already migrate your Flex apps to whatever other technology?
- ...

If you are reading this post and have a Flex app, please speak up about what your plans are!

Thanks,
The Apache Royale (FlexJS) team

--
Sent from: http://apache-flex-users.246.n4.nabble.com/
FlexJS venue videos?
Hi all, are the videos from FlexJS venue on YouTube or somewhere else already? Many thanks, Petr
RE: Getting user's locale settings
Hi,

I use the code below.

Petr

    // Capabilities.language reports "xu" when the language is unknown;
    // in that case fall back to what the browser reports.
    var lang:String = Capabilities.language != "xu" ? Capabilities.language : GetBrowserLanguage();

    public static function GetBrowserLanguage():String
    {
        var result:String = "";
        try
        {
            // Ask the hosting page's JavaScript for the browser language.
            var language:String = ExternalInterface.call("function(){return (navigator.language ? navigator.language : (navigator.userLanguage ? navigator.userLanguage : ''));}");
            if (language.length > 1)
            {
                // Keep only the two-letter language code.
                result = language.substr(0, 2);
            }
        }
        catch (error:Error)
        {
            // nothing to do...
        }
        return result;
    }

-Original Message-
From: Harbs [mailto:harbs.li...@gmail.com]
Sent: Wednesday, December 02, 2015 8:48 PM
To: users@flex.apache.org
Subject: Re: Getting user's locale settings

In AIR you could use Capabilities.languages

In Flash you have Capabilities.language, but that's not as good.

On Dec 2, 2015, at 9:32 PM, mark goldin wrote:

> Is it possible to get into a Flex application user's locale settings such as a current OS's language?
>
> Thanks
RE: [Anounce] Apache Flex BlazeDS 4.7.0 released
Hello,

I have a question to the BlazeDS binaries. As I use Tomcat 8, should I use flex-messaging-opt-tomcat7-4.7.0.jar, or a new jar compiled for Tomcat 8 is needed?

Many thanks,
Petr

-Original Message-
From: Christofer Dutz [mailto:christofer.d...@c-ware.de]
Sent: Wednesday, April 08, 2015 4:01 PM
To: users@flex.apache.org
Subject: AW: [Anounce] Apache Flex BlazeDS 4.7.0 released

Hi Petr,

Happy to say that they are already out there. As BlazeDS was released using Maven, they are located in Maven-Central. Here come the links:

http://search.maven.org/remotecontent?filepath=org/apache/flex/blazeds/flex-messaging-remoting/4.7.0/flex-messaging-remoting-4.7.0.jar
http://search.maven.org/remotecontent?filepath=org/apache/flex/blazeds/flex-messaging-proxy/4.7.0/flex-messaging-proxy-4.7.0.jar
http://search.maven.org/remotecontent?filepath=org/apache/flex/blazeds/flex-messaging-core/4.7.0/flex-messaging-core-4.7.0.jar
http://search.maven.org/remotecontent?filepath=org/apache/flex/blazeds/flex-messaging-common/4.7.0/flex-messaging-common-4.7.0.jar
http://search.maven.org/remotecontent?filepath=org/apache/flex/blazeds/flex-messaging-opt-tomcat4/4.7.0/flex-messaging-opt-tomcat4-4.7.0.jar
http://search.maven.org/remotecontent?filepath=org/apache/flex/blazeds/flex-messaging-opt-tomcat6/4.7.0/flex-messaging-opt-tomcat6-4.7.0.jar
http://search.maven.org/remotecontent?filepath=org/apache/flex/blazeds/flex-messaging-opt-tomcat7/4.7.0/flex-messaging-opt-tomcat7-4.7.0.jar

Chris

From: Petr Nemecek
Sent: Wednesday, 8 April 2015 10:46
To: users@flex.apache.org
Subject: RE: [Anounce] Apache Flex BlazeDS 4.7.0 released

Dear all,

any plan to offer BlazeDS binaries for download? Less sophisticated users (like me) would love it...

Many thanks,
Petr

-Original Message-
From: Christofer Dutz [mailto:christofer.d...@c-ware.de]
Sent: Tuesday, March 17, 2015 6:44 PM
To: annou...@apache.org; users@flex.apache.org
Subject: [Anounce] Apache Flex BlazeDS 4.7.0 released

The Apache Flex team is pleased to announce the release of Apache Flex BlazeDS 4.7.0.

Apache Flex BlazeDS is the server-based Java remoting and web messaging technology that enables developers to easily connect to back-end distributed data and push data in real-time to Adobe(r) Flex(r) and Adobe AIR(tm) applications for more responsive rich Internet application (RIA) experiences.

Apache Flex BlazeDS 4.7 is the initial release of BlazeDS from the Apache Software Foundation. Prior to this, releases were provided by Adobe Systems Inc. It is compatible with most code written to target Adobe Flex 4.6.

The source packages can be downloaded from http://www.us.apache.org/dist/flex/BlazeDS/4.7.0/ or one of Apache's mirror sites.

Maven artifacts have been published to Apache's Maven Repository (https://repository.apache.org/content/repositories/releases/org/apache/flex/blazeds/) and are available from Maven Central.

For detailed information about Apache Flex please visit http://flex.apache.org/
RE: [Anounce] Apache Flex BlazeDS 4.7.0 released
Sorry, I have one more question. I have flex-rds-server.jar in my old BlazeDS set of jars. Is this not needed any more?

Thank you,
Petr

-Original Message-
From: Petr Nemecek [mailto:p...@cmail.cz]
Sent: Friday, April 17, 2015 9:55 AM
To: 'users@flex.apache.org'
Subject: RE: [Anounce] Apache Flex BlazeDS 4.7.0 released

Hello,

I have a question to the BlazeDS binaries. As I use Tomcat 8, should I use flex-messaging-opt-tomcat7-4.7.0.jar, or a new jar compiled for Tomcat 8 is needed?

Many thanks,
Petr

-Original Message-
From: Christofer Dutz [mailto:christofer.d...@c-ware.de]
Sent: Wednesday, April 08, 2015 4:01 PM
To: users@flex.apache.org
Subject: AW: [Anounce] Apache Flex BlazeDS 4.7.0 released

Hi Petr,

Happy to say that they are already out there. As BlazeDS was released using Maven, they are located in Maven-Central. Here come the links:

http://search.maven.org/remotecontent?filepath=org/apache/flex/blazeds/flex-messaging-remoting/4.7.0/flex-messaging-remoting-4.7.0.jar
http://search.maven.org/remotecontent?filepath=org/apache/flex/blazeds/flex-messaging-proxy/4.7.0/flex-messaging-proxy-4.7.0.jar
http://search.maven.org/remotecontent?filepath=org/apache/flex/blazeds/flex-messaging-core/4.7.0/flex-messaging-core-4.7.0.jar
http://search.maven.org/remotecontent?filepath=org/apache/flex/blazeds/flex-messaging-common/4.7.0/flex-messaging-common-4.7.0.jar
http://search.maven.org/remotecontent?filepath=org/apache/flex/blazeds/flex-messaging-opt-tomcat4/4.7.0/flex-messaging-opt-tomcat4-4.7.0.jar
http://search.maven.org/remotecontent?filepath=org/apache/flex/blazeds/flex-messaging-opt-tomcat6/4.7.0/flex-messaging-opt-tomcat6-4.7.0.jar
http://search.maven.org/remotecontent?filepath=org/apache/flex/blazeds/flex-messaging-opt-tomcat7/4.7.0/flex-messaging-opt-tomcat7-4.7.0.jar

Chris

From: Petr Nemecek
Sent: Wednesday, 8 April 2015 10:46
To: users@flex.apache.org
Subject: RE: [Anounce] Apache Flex BlazeDS 4.7.0 released

Dear all,

any plan to offer BlazeDS binaries for download? Less sophisticated users (like me) would love it...

Many thanks,
Petr

-Original Message-
From: Christofer Dutz [mailto:christofer.d...@c-ware.de]
Sent: Tuesday, March 17, 2015 6:44 PM
To: annou...@apache.org; users@flex.apache.org
Subject: [Anounce] Apache Flex BlazeDS 4.7.0 released

The Apache Flex team is pleased to announce the release of Apache Flex BlazeDS 4.7.0.

Apache Flex BlazeDS is the server-based Java remoting and web messaging technology that enables developers to easily connect to back-end distributed data and push data in real-time to Adobe(r) Flex(r) and Adobe AIR(tm) applications for more responsive rich Internet application (RIA) experiences.

Apache Flex BlazeDS 4.7 is the initial release of BlazeDS from the Apache Software Foundation. Prior to this, releases were provided by Adobe Systems Inc. It is compatible with most code written to target Adobe Flex 4.6.

The source packages can be downloaded from http://www.us.apache.org/dist/flex/BlazeDS/4.7.0/ or one of Apache's mirror sites.

Maven artifacts have been published to Apache's Maven Repository (https://repository.apache.org/content/repositories/releases/org/apache/flex/blazeds/) and are available from Maven Central.

For detailed information about Apache Flex please visit http://flex.apache.org/
RE: [Anounce] Apache Flex BlazeDS 4.7.0 released
Cool, thanks!

Petr

-Original Message-
From: Christofer Dutz [mailto:christofer.d...@c-ware.de]
Sent: Wednesday, April 08, 2015 4:01 PM
To: users@flex.apache.org
Subject: AW: [Anounce] Apache Flex BlazeDS 4.7.0 released

Hi Petr,

Happy to say that they are already out there. As BlazeDS was released using Maven, they are located in Maven-Central. Here come the links:

http://search.maven.org/remotecontent?filepath=org/apache/flex/blazeds/flex-messaging-remoting/4.7.0/flex-messaging-remoting-4.7.0.jar
http://search.maven.org/remotecontent?filepath=org/apache/flex/blazeds/flex-messaging-proxy/4.7.0/flex-messaging-proxy-4.7.0.jar
http://search.maven.org/remotecontent?filepath=org/apache/flex/blazeds/flex-messaging-core/4.7.0/flex-messaging-core-4.7.0.jar
http://search.maven.org/remotecontent?filepath=org/apache/flex/blazeds/flex-messaging-common/4.7.0/flex-messaging-common-4.7.0.jar
http://search.maven.org/remotecontent?filepath=org/apache/flex/blazeds/flex-messaging-opt-tomcat4/4.7.0/flex-messaging-opt-tomcat4-4.7.0.jar
http://search.maven.org/remotecontent?filepath=org/apache/flex/blazeds/flex-messaging-opt-tomcat6/4.7.0/flex-messaging-opt-tomcat6-4.7.0.jar
http://search.maven.org/remotecontent?filepath=org/apache/flex/blazeds/flex-messaging-opt-tomcat7/4.7.0/flex-messaging-opt-tomcat7-4.7.0.jar

Chris

From: Petr Nemecek
Sent: Wednesday, 8 April 2015 10:46
To: users@flex.apache.org
Subject: RE: [Anounce] Apache Flex BlazeDS 4.7.0 released

Dear all,

any plan to offer BlazeDS binaries for download? Less sophisticated users (like me) would love it...

Many thanks,
Petr

-Original Message-
From: Christofer Dutz [mailto:christofer.d...@c-ware.de]
Sent: Tuesday, March 17, 2015 6:44 PM
To: annou...@apache.org; users@flex.apache.org
Subject: [Anounce] Apache Flex BlazeDS 4.7.0 released

The Apache Flex team is pleased to announce the release of Apache Flex BlazeDS 4.7.0.

Apache Flex BlazeDS is the server-based Java remoting and web messaging technology that enables developers to easily connect to back-end distributed data and push data in real-time to Adobe(r) Flex(r) and Adobe AIR(tm) applications for more responsive rich Internet application (RIA) experiences.

Apache Flex BlazeDS 4.7 is the initial release of BlazeDS from the Apache Software Foundation. Prior to this, releases were provided by Adobe Systems Inc. It is compatible with most code written to target Adobe Flex 4.6.

The source packages can be downloaded from http://www.us.apache.org/dist/flex/BlazeDS/4.7.0/ or one of Apache's mirror sites.

Maven artifacts have been published to Apache's Maven Repository (https://repository.apache.org/content/repositories/releases/org/apache/flex/blazeds/) and are available from Maven Central.

For detailed information about Apache Flex please visit http://flex.apache.org/
RE: [Anounce] Apache Flex BlazeDS 4.7.0 released
Dear all,

any plan to offer BlazeDS binaries for download? Less sophisticated users (like me) would love it...

Many thanks,
Petr

-Original Message-
From: Christofer Dutz [mailto:christofer.d...@c-ware.de]
Sent: Tuesday, March 17, 2015 6:44 PM
To: annou...@apache.org; users@flex.apache.org
Subject: [Anounce] Apache Flex BlazeDS 4.7.0 released

The Apache Flex team is pleased to announce the release of Apache Flex BlazeDS 4.7.0.

Apache Flex BlazeDS is the server-based Java remoting and web messaging technology that enables developers to easily connect to back-end distributed data and push data in real-time to Adobe(r) Flex(r) and Adobe AIR(tm) applications for more responsive rich Internet application (RIA) experiences.

Apache Flex BlazeDS 4.7 is the initial release of BlazeDS from the Apache Software Foundation. Prior to this, releases were provided by Adobe Systems Inc. It is compatible with most code written to target Adobe Flex 4.6.

The source packages can be downloaded from http://www.us.apache.org/dist/flex/BlazeDS/4.7.0/ or one of Apache's mirror sites.

Maven artifacts have been published to Apache's Maven Repository (https://repository.apache.org/content/repositories/releases/org/apache/flex/blazeds/) and are available from Maven Central.

For detailed information about Apache Flex please visit http://flex.apache.org/
RE: BlazeDS in Tomcat behind IIS
Hi,

I've already found what was the problem. It was about jsessionid cookie. It was properly generated on Tomcat side upon first request, went nicely through IIS back to the browser, but was not sent along with the next request from the browser to the IIS/Tomcat.

The reason why it was not sent back was its Path. It arrived to the browser with Path=/webappname/, but my calls from swf were to www.abc.eu/tomcat/xyz, which was rewritten by IIS to localhost:8080/webappname/xyz. As /tomcat/ is different from /webappname/, browsers don't send the cookie, and that's it.

Petr

-Original Message-
From: Petr Nemecek [mailto:p...@cmail.cz]
Sent: Monday, 2 March 2015 16:11
To: users@flex.apache.org
Subject: BlazeDS in Tomcat behind IIS

Hi,

I have a Flex app that uses BlazeDS (4.0.0.14931) to communicate with Java classes. Swf is served by IIS (port 443) and communicates directly with Tomcat (port 8443).

What I would like to do is to use IIS as a proxy, so that swf communicates with Tomcat via IIS, i.e. all communication goes through one port (443).

I've installed Application Request Routing and URL rewrite to IIS and now I'm able to make that almost happen...

When I make a first call from swf, it goes through nicely, but second call fails with following:

faultString: 'Send failed'
faultDetail: 'Channel.Ping.Failed error Detected duplicate HTTP-based FlexSessions, generally due to the remote host disabling session cookies. Session cookies must be enabled to manage the client connection correctly.'

Any idea, where should I enable those session cookies? In Tomcat? In IIS? Where exactly?

Many thanks,
Petr
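The cookie Path mismatch described in the message above, worked through as an added example (not code from the thread or from BlazeDS, Tomcat or IIS). It applies the RFC 6265 path-match rule to the paths quoted in the message and shows a Set-Cookie rewrite of the kind a path-rewriting proxy needs; the cookie value and the function names are constructed for illustration.

```python
# Added illustration: why a session cookie scoped to the backend path is not
# returned on the proxy's public path, and what a Set-Cookie rewrite changes.

# Constructed sample of what the backend sends (Path taken from the message).
BACKEND_SET_COOKIE = "JSESSIONID=CONSTRUCTED0123456789; Path=/webappname/; Secure; HttpOnly"


def path_matches(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 section 5.1.4: does the request path fall under the cookie path?"""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # A prefix only counts when it ends on a "/" boundary.
        if cookie_path.endswith("/"):
            return True
        if request_path[len(cookie_path)] == "/":
            return True
    return False


def cookie_path(set_cookie: str) -> str:
    """Extract the Path attribute from a Set-Cookie value."""
    for attr in set_cookie.split(";")[1:]:
        name, _, value = attr.partition("=")
        if name.strip().lower() == "path":
            return value.strip()
    # Simplification: browsers default to the directory of the request URL.
    return "/"


def rewrite_set_cookie_path(set_cookie: str, backend_prefix: str, public_prefix: str) -> str:
    """Map a backend cookie Path onto the public prefix the browser actually uses.

    Prefixes are given without a trailing slash, e.g. "/webappname" -> "/tomcat".
    """
    parts = [p.strip() for p in set_cookie.split(";")]
    out = [parts[0]]  # name=value pair is left untouched
    for attr in parts[1:]:
        name, _, value = attr.partition("=")
        value = value.strip()
        is_path = name.strip().lower() == "path"
        under_backend = value == backend_prefix or value.startswith(backend_prefix + "/")
        if is_path and under_backend:
            out.append("Path=" + public_prefix + value[len(backend_prefix):])
        else:
            out.append(attr)
    return "; ".join(out)


def browser_returns_cookie(set_cookie: str, request_path: str) -> bool:
    """Would a browser attach this cookie to a request for request_path?"""
    return path_matches(request_path, cookie_path(set_cookie))


if __name__ == "__main__":
    public_request = "/tomcat/xyz"  # what the swf calls through the proxy
    print("as sent by backend:", browser_returns_cookie(BACKEND_SET_COOKIE, public_request))
    fixed = rewrite_set_cookie_path(BACKEND_SET_COOKIE, "/webappname", "/tomcat")
    print("after rewrite:     ", fixed, browser_returns_cookie(fixed, public_request))
```

The same effect can be had on either side of the proxy: rewrite the Path in the outbound Set-Cookie header, or have the backend issue its session cookie with a path that covers the public prefix.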
RE: BlazeDS in Tomcat behind IIS
I have no clue what I need from IIS technically, I just want it to hand over the request to Tomcat and then hand over the Tomcat's response back to the client.

The main reason for that is, that Tomcat is vulnerable to Slow HTTP attack, and the Tomcat developers don't consider this as a bug. So my goal is to hide Tomcat behind IIS, which is not vulnerable to this attack.

Thanks anyway,
Petr

P.S.1. I'm looking forward for the new BlazeDS!
P.S.2. Keep up doing this great job of moving all Flex related stuff to Apache and moving it forward.

-Original Message-
From: Christofer Dutz [mailto:christofer.d...@c-ware.de]
Sent: Monday, March 02, 2015 9:30 PM
To: users@flex.apache.org
Subject: AW: BlazeDS in Tomcat behind IIS

Are you trying to tunnel a Streaming or Long Polling channel through IIS? This could be a problem as is with using the Tomcat -> Apache AJP connector. The problem is that these connectors don't quite know when to flush their buffers. As I have heard the new AJP connectors are able to handle Streaming connections as the support for WebSockets has needed the same adjustments, don't know how this is with the IIS connectors.

Chris

PS: If all goes well you could update to Apache Flex BlazeDS 4.7.0 by the end of the week ... as we are currently in the process of releasing it. Looking good at the moment.

-Original Message-
From: Petr Nemecek [mailto:p...@cmail.cz]
Sent: Monday, 2 March 2015 16:11
To: users@flex.apache.org
Subject: BlazeDS in Tomcat behind IIS

Hi,

I have a Flex app that uses BlazeDS (4.0.0.14931) to communicate with Java classes. Swf is served by IIS (port 443) and communicates directly with Tomcat (port 8443).

What I would like to do is to use IIS as a proxy, so that swf communicates with Tomcat via IIS, i.e. all communication goes through one port (443).

I've installed Application Request Routing and URL rewrite to IIS and now I'm able to make that almost happen...

When I make a first call from swf, it goes through nicely, but second call fails with following:

faultString: 'Send failed'
faultDetail: 'Channel.Ping.Failed error Detected duplicate HTTP-based FlexSessions, generally due to the remote host disabling session cookies. Session cookies must be enabled to manage the client connection correctly.'

Any idea, where should I enable those session cookies? In Tomcat? In IIS? Where exactly?

Many thanks,
Petr
BlazeDS in Tomcat behind IIS
Hi,

I have a Flex app that uses BlazeDS (4.0.0.14931) to communicate with Java classes. Swf is served by IIS (port 443) and communicates directly with Tomcat (port 8443).

What I would like to do is to use IIS as a proxy, so that swf communicates with Tomcat via IIS, i.e. all communication goes through one port (443).

I've installed Application Request Routing and URL rewrite to IIS and now I'm able to make that almost happen...

When I make a first call from swf, it goes through nicely, but second call fails with following:

faultString: 'Send failed'
faultDetail: 'Channel.Ping.Failed error Detected duplicate HTTP-based FlexSessions, generally due to the remote host disabling session cookies. Session cookies must be enabled to manage the client connection correctly.'

Any idea, where should I enable those session cookies? In Tomcat? In IIS? Where exactly?

Many thanks,
Petr
RE: Users of Apache Flex
Hi,

we use it for transport optimization software (vehicle routing problem) with Java backend.

Petr

-Original Message-
From: Michael Astudillo [mailto:mastudi...@austrosoft.com.ec]
Sent: Friday, December 12, 2014 4:38 PM
To: users@flex.apache.org
Subject: Users of Apache Flex

Hi community,

In my interest to know who use, old and that kind of projects apache flex is used, because is very important for my work to determinate the future of the tool (Apache Flex), This work is part of my master degree.

Thanks.

--
Best regards
Ing. Michael Astudillo

CONFIDENTIALITY NOTE: The information contained in this e-mail is confidential and may only be used by the natural or legal person to whom it is addressed. In the event that the recipient is not the authorised person, any retention, dissemination, distribution or copying of this message is prohibited and will be sanctioned by law".

CONFIDENTIALITY NOTE: The information contained in this e-mail is confidential and is intended only for the use of the address(es) named above. If you are not the intended recipient of this electronic transmission, you are hereby notified that any dissemination or copying of this transmission is strictly prohibited and will be sanctioned by law".
RE: Qualys scan/X-Frame-Options
Hi,

I should have read that properly, it's not a matter of html, but http response... So I added x-frame-options=SAMEORIGIN to the headers that are added by IIS (in my case) to the response, and I should be hopefully fine.

Bye,
Petr

-Original Message-
From: Petr Nemecek [mailto:p...@cmail.cz]
Sent: Tuesday, March 04, 2014 7:30 PM
To: users@flex.apache.org
Subject: Qualys scan/X-Frame-Options

Hi all,

one of our clients run Qualys scan on our app. The only finding was see below.

The html file is the file that is automatically generated by Flash Builder during the compilation. I assume I will have to add some code into the html. Any idea how to cope with that automatically? I.e. not to have to edit the html manually whenever I export a new release.

Many thanks,
Petr

URL: https://www.abc.de/app/app.html
Finding #: 326356057
Group: Information Disclosure
First Time Detected: 15 Feb 2014 04:07 GMT+0200
Last Time Detected: 15 Feb 2014 04:07 GMT+0200
Last Time Tested: 15 Feb 2014 04:07 GMT+0200
Times Detected: 1
CWE: -
OWASP: -
WASC: -
CVSS Base: -
CVSS Temporal: -

Details

Threat
The page can be easily framed. Anti-framing measures are not used.

Impact
Clickjacking and Cross-Site Request Forgery (CSRF) can be performed by framing the target site. An attack can trick the user into clicking on the link by framing the original page and showing a layer on top of it with dummy buttons.

Solution
Two of the most popular prevention are:
X-Frame-Options: This header works with modern browsers and can be used to prevent framing of the page. Note that it must be an HTTP header, the setting is ignored if it is created as an "http-equiv" meta element within the page.
Framekiller: JavaScript code that prevents the malicious user from framing the page.
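A check for the point made in the message and scan finding above, as an added example (not part of the thread or of the scanner): it audits a raw HTTP response for an X-Frame-Options response header and flags the "http-equiv" meta variant that the finding says is ignored. The sample responses and all names are constructed for illustration.

```python
# Added illustration: confirm the anti-framing setting is an HTTP response
# header (as the finding requires) and not only a meta element in the HTML.
import re

NO_HEADER = "no X-Frame-Options response header"
BAD_VALUE = "X-Frame-Options value is not DENY or SAMEORIGIN"
META_ONLY = "X-Frame-Options set via meta http-equiv, which browsers ignore"

ACCEPTED_VALUES = {"DENY", "SAMEORIGIN"}
META_XFO = re.compile(r"<meta[^>]+http-equiv\s*=\s*[\"']?x-frame-options", re.IGNORECASE)


def parse_response(raw: str):
    """Split a raw HTTP/1.1 response into status line, header dict and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            # Header names are case-insensitive; a header may repeat.
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body


def framing_findings(raw: str) -> list:
    """Return the anti-framing problems found in one response (empty list = ok)."""
    _, headers, body = parse_response(raw)
    findings = []
    values = headers.get("x-frame-options", [])
    if not values:
        findings.append(NO_HEADER)
    elif any(v.upper() not in ACCEPTED_VALUES for v in values):
        findings.append(BAD_VALUE)
    if META_XFO.search(body):
        findings.append(META_ONLY)
    return findings


# Constructed sample: setting placed in the generated HTML only.
RESP_META_ONLY = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Content-Type: text/html",
    "",
    '<html><head><meta http-equiv="X-Frame-Options" content="SAMEORIGIN"></head></html>',
])

# Constructed sample: header added by the web server, as in the reply above.
RESP_HEADER = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Content-Type: text/html",
    "x-frame-options: SAMEORIGIN",
    "",
    "<html><head></head><body></body></html>",
])

# Constructed sample: header present but with a value browsers do not honour.
RESP_BAD_VALUE = "\r\n".join([
    "HTTP/1.1 200 OK",
    "X-Frame-Options: ALLOWALL",
    "",
    "<html></html>",
])

if __name__ == "__main__":
    for label, resp in [("meta only", RESP_META_ONLY), ("header", RESP_HEADER),
                        ("bad value", RESP_BAD_VALUE)]:
        print(label, "->", framing_findings(resp) or "ok")
```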
Qualys scan/X-Frame-Options
Hi all,

one of our clients run Qualys scan on our app. The only finding was see below.

The html file is the file that is automatically generated by Flash Builder during the compilation. I assume I will have to add some code into the html. Any idea how to cope with that automatically? I.e. not to have to edit the html manually whenever I export a new release.

Many thanks,
Petr

URL: https://www.abc.de/app/app.html
Finding #: 326356057
Group: Information Disclosure
First Time Detected: 15 Feb 2014 04:07 GMT+0200
Last Time Detected: 15 Feb 2014 04:07 GMT+0200
Last Time Tested: 15 Feb 2014 04:07 GMT+0200
Times Detected: 1
CWE: -
OWASP: -
WASC: -
CVSS Base: -
CVSS Temporal: -

Details

Threat
The page can be easily framed. Anti-framing measures are not used.

Impact
Clickjacking and Cross-Site Request Forgery (CSRF) can be performed by framing the target site. An attack can trick the user into clicking on the link by framing the original page and showing a layer on top of it with dummy buttons.

Solution
Two of the most popular prevention are:
X-Frame-Options: This header works with modern browsers and can be used to prevent framing of the page. Note that it must be an HTTP header, the setting is ignored if it is created as an "http-equiv" meta element within the page.
Framekiller: JavaScript code that prevents the malicious user from framing the page.