🤖 avm2: Send Shockwave-Flash-branded User-Agent from URLRequest (#9395)#23769
Open
MavenRain wants to merge 1 commit into
Open
🤖 avm2: Send Shockwave-Flash-branded User-Agent from URLRequest (#9395)#23769MavenRain wants to merge 1 commit into
MavenRain wants to merge 1 commit into
Conversation
…-rs#9395) Signed-off-by: Onyeka Obi <softwareengineerasaservant@isurvivable.cv>
This was referenced May 21, 2026
danielhjacobs
added
A-avm2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Addresses the User-Agent piece of #9395.
Flash Player sent a Shockwave-Flash-branded User-Agent on
URLLoader/Loader/URLStream fetches. Ruffle currently sends Ruffle/
(https://ruffle.rs) (the default reqwest client-level User-Agent on desktop,
set at frontend-utils/src/backends/navigator.rs:86), or the browser's
User-Agent on the web build. Flash-aware services that filter or branch on
User-Agent see "Ruffle" today and treat the request as non-Flash.
The fix mirrors the recently-landed X-Flash-Version pattern:
request_from_url_request in flash.display.Loader inserts a User-Agent entry
into string_headers before the user-headers loop, so the per-request header
overrides the reqwest client default while still letting
URLRequest.requestHeaders win for users who supply their own.
User-Agent value
Mozilla/5.0 (compatible; Shockwave Flash {player_version}.0.0.0)
For example, with player_version = 32: Mozilla/5.0 (compatible; Shockwave
Flash 32.0.0.0).
I picked a clearly-Flash-branded string rather than the IE-spoofing UA real
Flash Player 32 sent (Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0;
rv:11.0) like Gecko) because:
and ties us to the IE 11 UA's expiry date.
historically.
with a specific service requires it.
Web-platform caveat
fetch() in modern browsers silently drops user-supplied User-Agent headers per
security restrictions, so this fix only takes effect on the desktop build.
On the web build the browser's own UA flows through unchanged.
Test updates
tests/tests/swfs/avm2/loader_load/output.txt and
tests/tests/swfs/avm2/loader_method/output.txt updated to include the new
User-Agent: Mozilla/5.0 (compatible; Shockwave Flash 32.0.0.0) line in the
captured fetch headers. These were the only log_fetch=true fixtures whose
output.txt exercised a URLRequest path.
Remaining #9395 scope
Content-Type was implicitly fixed when URLRequest.contentType was wired up
after the 2023 report (both backends transmit it via body.1 mime-type today).
Accept and Accept-Encoding remain unimplemented and would be separate
follow-up PRs.
tests)