Items tagged recovered, flash
CSRF: Flash + 307 redirect = Game Over. Here’s the exploit that Django and Rails both just released fixes for. It’s actually a flaw in the Flash player. Flash isn’t meant to be able to make cross-domain HTTP requests with custom HTTP headers unless the crossdomain.xml file on the other domain allows them to, but it turns out a 307 redirect (like a 302, but allows POST data to be forwarded) confuses the Flash player in to not checking the crossdomain.xml on the host it is being redirect to. # 10th February 2011, 10:07 pm
The crisis Flash now faces is that Apple has made it clear that Flash will no longer be ubiquitous, as it won’t exist on the iPhone platform, thus turning “runs everywhere” into “runs almost everywhere.” As Web developers know, “runs almost everywhere” is a recipe for doing everything at least twice.