Hyland Connect

benjamindupont · ‎05-05-2015

Hello,
I'm currently runnig Alfresco Community, and I have some troubles since Alfresco 4.2.x. When I try to preview all .swf files in my web browser directly from Alfresco, I can't see the file and I get this message (in french) :
<cite>Le type MIME pour le contenu demandé pose un risque de sécurité et ne sera pas affiché.</cite>
Google translation says :
<cite>The MIME type for the requested content poses a security risk and will not be displayed.</cite>

Do you have ane idea how to fix this problem by putting an security exception for this kind of file ? For my knowledge, do you know why is there this security blocking ?

Thanks!

Cheers

rjohnson · ‎05-05-2015

I suspect it is your flash version. I have not had this in Alfresco but I have had it with flash video.

benjamindupont · ‎05-06-2015

Thanks Bob for your reply!
I tried with FF, FF with a mobile, Chromium, Chrome and Internet Explorer, and I have the same result… How can I be sure that it's not a problem with flash player ?
If it's not Flash Player, do you have another idea to fix that ?

NB : you can see in the attached file, what is displayed on my screen.

rjohnson · ‎05-06-2015

Your issue is slightly different to what I thought it was, it looks like you are doing "view in browser" and getting this error. Now, if you uploaded the SWF then Alfresco will not convert it to anything else it will just store it and it should stream it to the browser with the mime type you uploaded it with. That seems to be happening but it looks like your browser has decided it thinks the flash mimetype can be a security risk (and there is a very minor truth in that). To check your browsers I woudl try 2 things:-

Download the file & then try and open it off the desktop. That may well open it direct in Flash rather than a browser but if you can download then open you can be sure that the files are not being corrupted in some way.

Find a web site that has flash on it & try and open that. Watch this Flash movies are not necessarily SWF they can (usually are) flv and most internet "flash" content is FLV, So I would try searching for SWF files in Google & try and be sure you are playing an SWF not an FLV. If you can view an internet SWF then your browser plug in is OK.

If you can download & play and can also view SWF on the internet then it pehaps that you attempt to stream is presenting an odd mimetype. To check this you will need to load the browser developer code & check what mimetype is being presented. With that information you can start to see what fixes may be needed.

benjamindupont · ‎05-07-2015

I've done the tests of my browser and it confirms what I thought : the problem doesn't seem to come from the browser.
I can read/display this web site with a swf file : http://www2.cslaval.qc.ca/cdp/UserFiles/File/previews/poumons.swf
When I download the file I try preview, and I open it in my browser, it works fine.
For information, I have the latest Flash Player 17,0,0,169 installed, and the mime type of the file is "Shockwave Flash". When I try to preview the file with Alfresco, and I inspect the page : it's almost empty (see the attached file).

I'm wondering, is there some kind of "black list" of the mime type blocked by Alfresco in its configuration (blocked for security reason) ?

Thanks for your help.

rjohnson · ‎05-08-2015

Well, up to and including 4.2e there is no such control that I am aware of, but looking at your screen grab it certainly does seem to be the case that Alfresco is refusing to serve the document. Unless you have some virus checking or security programs that might interfere with the web servers return…… but I would expect it to interfere with any web site or any local file not merely Alfresco.

I have just spotted that you are on 5.0d so it is possible that some filtering has been added but I simply would not know I'm afraid.

The document is still served to the browser via a webscript that streams the content that is part of the standard REST API. All I can suggest is to find the source for that and see if some mimetype filtering has been added.

rjohnson · ‎05-09-2015

OK. Looks like there is control in the java class SlingshotRemoteClient which actively prevents the streaming of Shockwave Flash mimetypes.

This exists in 4.2e (I didn't know because I never tried).

If you need to be able to do this you will need to override the above. The source is at

https://svn.alfresco.com/repos/alfresco-open-mirror/alfresco/COMMUNITYTAGS/V4.2f/root/projects/sling...

So you would need to recompile the necessary beans to include your updated SlingshotRemoteClient.java

Maybe Kevin Roast who is a long time expert in these forums can help and provide some background to the comment

/**
* Override the Spring WebScripts impl of RemoteClient to provide additional security
* processing of HTML responses retrieved via content APIs. Prevents the execution of
* inline JavaScript proxy driven API calls via XHR requests and similar.
*
* @author Kevin Roast
*/

benjamindupont · ‎05-11-2015

Hi Bob,
Thanks for your help! It's seem not so easy to solve this problem… and I'm wondering if it worth to spend time to solve it.
Anyway, thanks again.

I'll think about it!

Hyland Connect

Problems with .SWF previews