JQuery uploadify cannot be uploaded in Google or Firefox, jqueryuploadify

JQuery uploadify cannot be uploaded in Google or Firefox, jqueryuploadify

Cause:

Because jQuery uploadify uploads data using flash, ie automatically binds local cookie storage to the server every time a data stream request is sent to the backend. But firefox and chrome won't do this, and they will think this is not safe. Haha, that's why. -- From http://www.cnblogs.com/mbailing/archive/2011/03/30/uploadify.html

I solve this problem in this way, so that all the code for uploading files does not need to be modified, and the modification is minimal, but there is a security risk:

If (this. loginInfo = null) {// solve the uploadify-compatible Firefox Google browser upload problem // However, this code poses a security risk to the system, the Flash program requests the system without verification // to solve this security risk, the Flash program needs to pass the user name and password for verification, however, the user name and password cannot be written at the front end so that the user can see if (Request. userAgent = "Shockwave Flash") {return;} else {filterContext. result = RedirectToAction ("LoginAgain", "Account", new {Area = "Auth"}); return ;}}View Code

Our system is ASP. net mvc. Although users can be invisible to sensitive information through encryption, malicious users can bypass system verification without decrypting sensitive information.

The verification information cannot be directly written to the front-end. You can use ajax to obtain the verification information from the back-end and then pass it to flash for verification in the interceptor.

 

After modification:

JS Code:

Ajax requests the background to obtain the user name and send it to flash

$ (Function () {$. ajax ({url: "/Auth/Account/GetUserNamePwd", type: "POST", dataType: "json", data :{}, success: function (data) {$ ("# uploadify "). uploadify ({height: 25, width: 100, swf: '/Content/Plugins/UploadifyJs/uploadify.swf', uploader: 'uploadfile', formData: {userName: data. data. userName, // The userName pwd: data obtained by ajax. data. pwd // password obtained by ajax}, buttonText: 'select file upload', fileSizeLimit: '4mb', fileTypeDe SC: 'file', fileTypeExts :'*. * ', queueID: 'filequeue', multi: true, onUploadSuccess: function (fileObj, data, response) {var d = eval ("(" + data + ")"); $ (". uploadify-queue-item "). find (". data "pai.html (" & nbsp; uploaded "); $ (" # url "). val (d. url); $ ("# name "). val (d. name) ;}, onUploadError: function (event, ID, fileObj, errorObj) {if (event. size> 4*1024*1024) {alert ('exceeds the file upload size limit (4 MB )! '); Return;} alert ('upload failed') ;}}); // end uploadify }}) ;}); // end $View Code

Code in the Interceptor:

...... If (this. loginInfo = null) {// solve the uploadify-compatible Firefox Google browser upload problem // However, this code poses a security risk to the system, the Flash program requests the system without verification // to solve this security risk, the Flash program needs to pass the user name and password for verification, however, the user name and password cannot be written at the front end so that the user can see if (Request. userAgent = "Shockwave Flash") {string userName = Request. params ["userName"]; string pwd = Request. params ["pwd"]; if (! String. IsNullOrWhiteSpace (userName )&&! String. IsNullOrWhiteSpace (pwd) {AuthDAL authDAL = new AuthDAL (); sys_user user = authDAL. GetUserInfoByName (userName); if (user! = Null & user. password = pwd) {return ;}} else {filterContext. result = RedirectToAction ("LoginAgain", "Account", new {Area = "Auth"}); return ;}}......View Code