From cf425b27c5c959c9fb8120d1a88b299a1730a8e4 Mon Sep 17 00:00:00 2001
From: Jeremy Penner
Date: Tue, 24 May 2011 09:22:45 -0700
Subject: [PATCH] add optional http headers for POSTing QTEs (to deal with csrf)
---
 src/Gamedisc.as | 7 ++++++-
 src/Main.as | 6 ++++--
 src/Util.as | 6 ++++++
 3 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/src/Gamedisc.as b/src/Gamedisc.as
index ab86dac..6ffe654 100644
--- a/src/Gamedisc.as
+++ b/src/Gamedisc.as
@@ -4,6 +4,7 @@ package
 import flash.events.EventDispatcher;
 import flash.net.sendToURL;
 import flash.net.URLRequest;
+ import flash.net.URLRequestHeader;
 import flash.net.URLRequestMethod;
 import flash.net.URLVariables;
 /**
@@ -17,6 +18,7 @@ package
 public var urlVideo:String;
 public var urlPostQte:String;
+ public var headerPostQte:Object;
 public var typeVideotube:String;
 public var rgqte:Array;
 public function Gamedisc(urlVideo:String = null, typeVideotube:String = null)
@@ -32,6 +34,8 @@ package
 {
 var req:URLRequest = new URLRequest(urlPostQte);
 req.method = URLRequestMethod.POST;
+ for (var key:String in headerPostQte)
+ req.requestHeaders.push(new URLRequestHeader(key, headerPostQte[key]));
 var data:URLVariables = new URLVariables();
 data.qte = JSON.encode(qte.ToJson());
 req.data = data;
@@ -56,7 +60,7 @@ package
 json.urlPostQte = urlPostQte;
 return json;
 }
- public function FromJson(json:Object):void
+ public function FromJson(json:Object, jsonPostHeaders:Object):void
 {
 rgqte = [];
 for each (var jsonQte:Object in json.rgqte)
@@ -68,6 +72,7 @@ package
 urlVideo = json.urlVideo;
 typeVideotube = json.typeVideotube;
 urlPostQte = json.urlPostQte;
+ headerPostQte = jsonPostHeaders;
 }
 }
diff --git a/src/Main.as b/src/Main.as
index 81f154e..2f4ce45 100644
--- a/src/Main.as
+++ b/src/Main.as
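Review bot: In the `@@ -32,6 +34,8 @@` hunk of src/Gamedisc.as, every key of `headerPostQte` is pushed as a request header with no check on its name or on the type of its value. Main.as fills that object from `loaderInfo.parameters.jsonPostHeaders`, which is set by whatever embeds or links the SWF. Since the commit only needs to carry a CSRF header, I would limit the loop to expected names and string values, for example `if (headerPostQte[key] is String && rgkeyAllowed.indexOf(key) >= 0)` in front of the `push`, where `rgkeyAllowed` is a constant list to be defined (the name is constructed for this note). The enclosing function starts and ends outside the hunk.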
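Review bot: `FromJson` in the `@@ -56,7 +60,7 @@` hunk of src/Gamedisc.as gains a required second parameter although the commit title calls the headers optional, so any other caller still using `FromJson(json)` would stop compiling. A default keeps the old call form valid: `public function FromJson(json:Object, jsonPostHeaders:Object = null):void`. The assignment `headerPostQte = jsonPostHeaders;` in the `@@ -68,6 +72,7 @@` hunk then simply stores null when nothing is passed. The visible part of `ToJson` does not write the headers back; if that is deliberate (so a token is never serialised with the disc), a one-line comment on the `headerPostQte` field saying so would help.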
@@ -23,7 +23,7 @@ package
 public function Main():void
 {
 gamedisc = new Gamedisc();
- gamedisc.FromJson(JSON.decode(loaderInfo.parameters.jsonDisc));
+ gamedisc.FromJson(JSON.decode(loaderInfo.parameters.jsonDisc), JSON.decode(loaderInfo.parameters.jsonPostHeaders));
 videotube = gamedisc.CreateVideotube();
 if (stage) init();
 else addEventListener(Event.ADDED_TO_STAGE, init);
@@ -66,11 +66,13 @@ package
 private function onVideotubeReady(event:Event = null):void
 {
 toggleGame();
+ if (gamedisc.urlPostQte == null)
+ toggleGame();
 videotube.play();
 }
 private function onKey(key:KeyboardEvent):void
 {
- if (key.keyCode == Keyboard.SPACE)
+ if (key.keyCode == Keyboard.SPACE && gamedisc.urlPostQte != null)
 toggleGame();
 }
 }
diff --git a/src/Util.as b/src/Util.as
index 14fb105..69b340d 100644
--- a/src/Util.as
+++ b/src/Util.as
@@ -1,5 +1,7 @@
 package
 {
+ import com.adobe.serialization.json.JSON;
+ import flash.external.ExternalInterface;
 /**
 * ...
 * @author jjp
@@ -23,6 +25,10 @@ package
 }
 return -imin;
 }
+ public static function alert(...rgo:*):void
+ {
+ ExternalInterface.call("alert", JSON.encode(rgo));
+ }
 }
 }
\ No newline at end of file
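Review bot: `JSON.decode(loaderInfo.parameters.jsonPostHeaders)` in `Main()` (hunk `@@ -23,7 +23,7 @@` of src/Main.as) runs unconditionally, so a page that passes no `jsonPostHeaders` hands the decoder an undefined value, which presumably makes it throw before the game is set up. Since the headers are meant to be optional, read the parameter first with `var stHeaders:String = loaderInfo.parameters.jsonPostHeaders;` and pass `stHeaders ? JSON.decode(stHeaders) : null` as the second argument. A comment that `loaderInfo.parameters` also carries query-string values from the SWF URL, so both decoded objects are untrusted input, would be worth adding here.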
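Review bot: In `onVideotubeReady` (hunk `@@ -66,11 +66,13 @@` of src/Main.as) the game is toggled and then toggled straight back when `gamedisc.urlPostQte == null`, which reads like a mistake and runs whatever side effects `toggleGame()` has twice. `toggleGame` is not visible in this diff; if the two calls only cancel each other, `if (gamedisc.urlPostQte != null) toggleGame();` states the intent directly. If the double call is needed, add a comment such as `// no POST url: undo the toggle, QTEs cannot be saved` so the next reader does not remove it.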
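Review bot: `Util.alert` (hunk `@@ -23,6 +25,10 @@` of src/Util.as) calls `ExternalInterface.call` without first checking `ExternalInterface.available`, so it can throw when the SWF runs in a container without scripting, and it passes JSON-encoded internal values to the hosting page. Guard the call with `if (ExternalInterface.available)` and give the function a doc comment marking it as a debug helper that must not be passed secrets such as the POST headers. Nothing in this diff calls it, so it may be better left out of a CSRF-related commit.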