| CARVIEW |
Select Language
HTTP/2 200
date: Sat, 26 Jul 2025 12:32:22 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With
etag: W/"346dd876c98a7e9ea7034aa0da4392b3"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
server: github.com
content-encoding: gzip
accept-ranges: bytes
set-cookie: _gh_sess=Bp%2FCQz1LKmTqANsDH7aYicE9vi%2B2Zi8IyVpqy0zXy1pDq6CyO7O%2BJDS5GrQZtA9woZIfrvIV7cQrpRhLzyJoFCqUl21uUDCrlNpOM0pZX44%2F%2FdXi%2BFfeIvAVqMXQjSXnBjsgjH0nCMDdrjBXO%2B5efT2WaSvWB2Xj6PLPIf9mAGDYunF1FEjjcE%2FtJVyJJ0cCZLCOPCuea4NanKchF8rfNAMnZ1m0cukpZPeUqHghcdQQUp5tQ0imQFAThJCMjeWUBdhq0ynwawLwCfbNWRvZPw%3D%3D--ylLgKzlOvQ69c6JU--hc9t8JXo63EraFUGZ4t%2BgA%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
set-cookie: _octo=GH1.1.1958664470.1753533141; Path=/; Domain=github.com; Expires=Sun, 26 Jul 2026 12:32:21 GMT; Secure; SameSite=Lax
set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Sun, 26 Jul 2026 12:32:21 GMT; HttpOnly; Secure; SameSite=Lax
x-github-request-id: 9864:14DB91:567362:70AF4B:6884CAD5
GitHub - dv/HTTPForm: Actionscript 3 library to emulate a multipart/form-data HTML form submission request, including file upload.
Skip to content
Navigation Menu
{{ message }}
-
Notifications
You must be signed in to change notification settings - Fork 0
Actionscript 3 library to emulate a multipart/form-data HTML form submission request, including file upload.
License
dv/HTTPForm
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
Crowdway.http Actionscript 3 Library
------------------------------------
This little library helps you create HTTP requests which a server would interpret as true HTML form submissions. It is possible to set the encoding for each field, please check out the source code for specifics.
Put these files in subdirectories ./crowdway/http/ under the root folder of your project, so that the actionscript compiler will be able to reach them.
Example code:
httpForm = new HTTPForm("https://www.google.com");
httpForm.addEventListener(flash.events.Event.COMPLETE, eventCompleteHandler);
httpForm.addField(MimeString.fromString("name", "David Verhasselt")); // Add field named "name"
httpForm.addField(MimeString.fromString("email", "david@crowdway.com")); // Add field named "email"
httpForm.addField(MimeFile.fromByteArray("avatar", "david_at_the_beach_07.jpg", filedata)); // Add filefield named "avatar"
httpForm.send();
function eventCompleteHandler(event:Event):void
{
var loader:URLLoader = URLLoader(event.target);
trace(loader.data);
}
The code above emulates a form with 3 inputfields:
- an inputbox named "name" with value "David Verhasselt"
- an inputbox named "email" with value "david@crowdway.com"
- a fileinput named "avatar" in which the user selected a file named "david_at_the_beach_07.jpg"
with contents the ByteArray filedata
It is sent to https://www.google.com. The server at google.com will think it is receiving a form submission with an attached image. The result will be trace()d.
2009 Addendum: The code above works perfectly with Flash 9. However, starting with Flash 10, Adobe has issued some really constrictive security policies which don't really increase security in my opinion. One of them, explained in [1], pertains to any networking call that contains a file upload. Practically, starting with Flash 10, you can send file uploads using httpForm or an alternative only when it is instigated by a user action. For example, only in an onClick eventhandler or a function called by that eventhandler will httpForm.send() work. If you haven't attached a MimeFile with a filename then this restriction doesn't apply.
If you are willing to forgo the server recognizing the file as a fileupload, you can still send the form with the file added as a regular, raw binary inputfield by dismissing the filename:
httpForm.addField(MimeFile.fromByteArray("avatar", null, filedata));
The server won't recognize it as a file anymore, but the POST-field named "avatar" will still contain the binary filedata.
[1] https://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes_print.html#head34
(c) 2006-2012 David Verhasselt <david@crowdway.com>
Licensed under the MIT license
About
Actionscript 3 library to emulate a multipart/form-data HTML form submission request, including file upload.
Resources
License
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published
You can’t perform that action at this time.