Status Update from Flash / Flex or Apollo is now broken.


Bluespark

Apr 3, 2007, 7:45:43 PM
to Twitter Development Talk
Hi
I just saw today, that Twitter has changed the Update Status API
(message below). There is one huge issue with this change, Flash /
Flex / Apollo has security in place so that it is not possible to
modify the HTTP_REFERER header when a request is sent out, this has
basically killed my application now that I cannot use Twitter
anymore : (
Link to Adobe saying that Referer cannot be modified.
http://livedocs.adobe.com/flex/201/langref/flash/net/URLRequestHeader.html

Currently Flash sends the name of the active swf file in the Apollo
application, is it possible to modify this to allow this type of
request with either .swf or app-resource. Please....
Referer: app-resource:/Tweetr-debug.swf OR Referer: app-resource:/
Tweetr.swf

This is sad because I have spent about 60 or more hours building
tweetr and have even set up www.tweet-r.com

--- the following message is returned from http://twitter.com/statuses/update.xml,
before this was working fine. ---
Sorry, due to abusive behaviour, we have been forced to disable
posting from external websites. If
you are posting from an API tool, please ensure that the HTTP_REFERER
header is not set.
--------

Can anyone help here?
Many Regards, John Ballinger


This is currently what all my headers look like

POST /statuses/update.xml HTTP/1.1
Referer: app-resource:/Tweetr-debug.swf
x-flash-version: 9,0,28,0
Content-Type: application/x-www-form-urlencoded
Authorization: Basic [my username pass would be here]
Content-Length: 24
User-Agent: Shockwave Flash
Host: twitter.com
Pragma: no-cache
Cookie: __utma=43838368.2110724840.1175585303.1175585303.1175585303.1;
__utmz=43838368.1175585303.1.1.utmccn=(direct)|utmcsr=(direct)|
utmcmd=(none); _twitter_session=1cdb5fce9a53a0e5447880202321d61a

Blaine Cook

Apr 3, 2007, 9:43:23 PM
to twitter-deve...@googlegroups.com
Hey there,

sorry about that! I didn't realize Apollo handled http referrers that way - I've updated the code to allow referrers that begin with "app-resource:", it'll be deployed this evening.

thanks for the feedback,

Blaine
It's Obvious - http://twitter.com/blaine

On 4/3/07, Bluespark <spo...@gmail.com> wrote:

Hi
I just saw today, that Twitter has changed the Update Status API
(message below). There is one huge issue with this change, Flash /
Flex / Apollo has security in place so that it is not possible to
modify the HTTP_REFERER header when a request is sent out, this has
basically killed my application now that I cannot use Twitter
anymore : (
Link to Adobe saying that Referer cannot be modified.
http://livedocs.adobe.com/flex/201/langref/flash/net/URLRequestHeader.html

Currently Flash sends the name of the active swf file in the Apollo
application, is it possible to modify this to allow this type of
request with either .swf or app-resource. Please....
Referer: app-resource:/Tweetr-debug.swf OR Referer: app-resource:/

Bluespark

Apr 3, 2007, 10:03:08 PM
to Twitter Development Talk
Blaine,

Thanks so much.... This has been doing my head in, I have actually
spent heaps of time trying to figure out several other ways, but this
is soo locked down in flash / flex / apollo.

Now that I have found this forum I can now see how to stay in touch,
anyway, gotta say how much I just LOVE twitter, it is just soo cool
and really has made me excited about the web again and about how my
clients don't get it.

Many regards, John Ballinger


On Apr 4, 1:43 pm, "Blaine Cook" <rom...@gmail.com> wrote:
> Hey there,
>
> sorry about that! I didn't realize Apollo handled http referrers that way -
> I've updated the code to allow referrers that begin with "app-resource:",
> it'll be deployed this evening.
>
> thanks for the feedback,
>
> Blaine
> It's Obvious - http://twitter.com/blaine
>
> On 4/3/07, Bluespark <spo...@gmail.com> wrote:
>
> > Hi
> > I just saw today, that Twitter has changed the Update Status API
> > (message below). There is one huge issue with this change, Flash /
> > Flex / Apollo has security in place so that it is not possible to
> > modify the HTTP_REFERER header when a request is sent out, this has
> > basically killed my application now that I cannot use Twitter
> > anymore : (
> > Link to adobe saying that Referer cannot be modified.
> > http://livedocs.adobe.com/flex/201/langref/flash/net/URLRequestHeader...
> >
> > Currently Flash sends the name of the active swf file in the Apollo
> > application, is it possible to modify this to allow this type of
> > request with either .swf or app-resource. Please....
> > Referer: app-resource:/Tweetr-debug.swf OR Referer: app-resource:/

Rick Measham

Apr 3, 2007, 10:08:01 PM
to twitter-deve...@googlegroups.com
On Apr 4, 1:43 pm, "Blaine Cook" <rom...@gmail.com> wrote:
> I've updated the code to allow referrers that begin with "app-resource:",
> it'll be deployed this evening.

Bluespark wrote:
> Thanks so much.... This has been doing my head in, I have actually
> spent heaps of time trying to figure out several other ways, but this
> is soo locked down in flash / flex / apollo.

Does flash/flex/apollo allow you to set other headers? If so can we get
the logic to require the 'X' headers rather than an absence of referrer
headers?

Cheers!
Rick Measham

Bluespark

Apr 3, 2007, 10:48:00 PM
to Twitter Development Talk
Hi Rick,

From what I have seen so far, it is not an issue to set headers in
Flash 7 / Flash 8 / Flash 9 / Flex and Apollo.
So this would be the nicest way to weed out these other requests coming
in.
I have just added the
X-Twitter-Client: Tweetr
to my client and will have this fully working soon : ) with the XML
doc that you have listed in your API, this would be the best way to go
as Apollo is in Alpha and they may change the header logic. I have
already seen a post on the Apollo Forum about the referer header not
being very accurate.

Thanks for your help again, will be watching this thread as the day
goes by so more than happy to test or help with changes.


Cheers, John Ballinger.


That is now set and coming through new Header log now below.
-------------- current headers in tweeter ------------
POST /statuses/update.json HTTP/1.1
Referer: app-resource:/Tweetr-debug.swf
x-flash-version: 9,0,28,0
Content-Type: application/x-www-form-urlencoded
X-Twitter-Client: Tweetr
Authorization: Basic not shown.... : )
Content-Length: 27
User-Agent: Shockwave Flash
Host: twitter.com
Pragma: no-cache
Cookie: __utma=43838368.2110724840.1175585303.1175585303.1175585303.1;
__utmz=43838368.1175585303.1.1.utmccn=(direct)|utmcsr=(direct)|
utmcmd=(none); _twitter_session=34850fd466a0b96f9d205b08cf860865
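
Added example, not part of the thread and not Twitter's server code: the three request filters discussed above (reject any Referer, Blaine's "app-resource:" prefix exception, Rick's required X- header) run over trimmed copies of the two header dumps John posted. The `web_form` and `bare_script` samples, the function names and the exact matching rules are assumptions made for illustration.

```python
# Added illustration; policies are modelled on the thread, not Twitter's code.

def parse_headers(raw):
    """Return {lowercased header name: value} from a raw HTTP request head."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the request line
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def reject_any_referer(h):
    # Behaviour implied by the quoted error message: Referer must not be set.
    return "referer" not in h

def allow_app_resource(h):
    # Blaine's described change: referrers beginning with "app-resource:" pass.
    ref = h.get("referer")
    return ref is None or ref.startswith("app-resource:")

def require_client_header(h):
    # Rick's suggestion: require an X- header (name taken from John's post).
    return bool(h.get("x-twitter-client"))

POLICIES = (reject_any_referer, allow_app_resource, require_client_header)

# Constructed samples: the first two are trimmed from the dumps in the thread,
# the last two are hypothetical (a cross-site form post, a header-less script).
SAMPLES = {
    "tweetr_before": "POST /statuses/update.xml HTTP/1.1\n"
                     "Referer: app-resource:/Tweetr-debug.swf\n"
                     "User-Agent: Shockwave Flash\nHost: twitter.com",
    "tweetr_after": "POST /statuses/update.json HTTP/1.1\n"
                    "Referer: app-resource:/Tweetr-debug.swf\n"
                    "X-Twitter-Client: Tweetr\nHost: twitter.com",
    "web_form": "POST /statuses/update.xml HTTP/1.1\n"
                "Referer: http://example.com/page.html\n"
                "User-Agent: Mozilla/5.0\nHost: twitter.com",
    "bare_script": "POST /statuses/update.xml HTTP/1.1\n"
                   "User-Agent: curl\nHost: twitter.com",
}

def evaluate(samples=SAMPLES):
    """Map sample name -> tuple of accept (True) / reject (False), one per policy."""
    return {name: tuple(p(parse_headers(raw)) for p in POLICIES)
            for name, raw in samples.items()}

if __name__ == "__main__":
    for name, verdicts in evaluate().items():
        print(f"{name:14} {verdicts}")
```

The last column shows the compatibility cost of requiring the header: a client that sends neither Referer nor X-Twitter-Client passes the first two filters but is rejected by the third until it adds the header.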
