add optional http headers for POSTing QTEs (to deal with csrf)

2011-05-24 09:22:45 -07:00 · 2011-05-24 09:22:45 -07:00 · cf425b27c5
parent b816a45b4d
commit cf425b27c5
3 changed files with 16 additions and 3 deletions
--- a/src/Gamedisc.as
+++ b/src/Gamedisc.as
@ -4,6 +4,7 @@ package
 	import flash.events.EventDispatcher;
 	import flash.net.sendToURL;
 	import flash.net.URLRequest;
+	import flash.net.URLRequestHeader;
 	import flash.net.URLRequestMethod;
 	import flash.net.URLVariables;
 	/**
@ -17,6 +18,7 @@ package
 		
 		public var urlVideo:String;
 		public var urlPostQte:String;
+		public var headerPostQte:Object;
 		public var typeVideotube:String;
 		public var rgqte:Array;
 		public function Gamedisc(urlVideo:String = null, typeVideotube:String = null) 
@ -32,6 +34,8 @@ package
 			{
 				var req:URLRequest = new URLRequest(urlPostQte);
 				req.method = URLRequestMethod.POST;
+				for (var key:String in headerPostQte)
+					req.requestHeaders.push(new URLRequestHeader(key, headerPostQte[key]));
 				var data:URLVariables = new URLVariables();
 				data.qte = JSON.encode(qte.ToJson());
 				req.data = data;
@ -56,7 +60,7 @@ package
 				json.urlPostQte = urlPostQte;
 			return json;
 		}
-		public function FromJson(json:Object):void
+		public function FromJson(json:Object, jsonPostHeaders:Object):void
 		{
 			rgqte = [];
 			for each (var jsonQte:Object in json.rgqte)
@ -68,6 +72,7 @@ package
 			urlVideo = json.urlVideo;
 			typeVideotube = json.typeVideotube;
 			urlPostQte = json.urlPostQte;
+			headerPostQte = jsonPostHeaders;
 		}
 	}

--- a/src/Main.as
+++ b/src/Main.as
@ -23,7 +23,7 @@ package
 		public function Main():void 
 		{
 			gamedisc = new Gamedisc();
-			gamedisc.FromJson(JSON.decode(loaderInfo.parameters.jsonDisc));
+			gamedisc.FromJson(JSON.decode(loaderInfo.parameters.jsonDisc), JSON.decode(loaderInfo.parameters.jsonPostHeaders));
 			videotube = gamedisc.CreateVideotube();
 			if (stage) init();
 			else addEventListener(Event.ADDED_TO_STAGE, init);
@ -66,11 +66,13 @@ package
 		private function onVideotubeReady(event:Event = null):void
 		{
 			toggleGame();
+			if (gamedisc.urlPostQte == null)
+				toggleGame();
 			videotube.play();
 		}
 		private function onKey(key:KeyboardEvent):void
 		{
-			if (key.keyCode == Keyboard.SPACE)
+			if (key.keyCode == Keyboard.SPACE && gamedisc.urlPostQte != null)
 				toggleGame();
 		}
 	}
--- a/src/Util.as
+++ b/src/Util.as
@ -1,5 +1,7 @@
 package  
 {
+	import com.adobe.serialization.json.JSON;
+	import flash.external.ExternalInterface;
 	/**
 	 * ...
 	 * @author jjp
@ -23,6 +25,10 @@ package
 			}
 			return -imin;
 		}
+		public static function alert(...rgo:*):void
+		{
+			ExternalInterface.call("alert", JSON.encode(rgo));
+		}
 	}

 }