This content has been marked as final. Show 5 replies
Oh woe is me, woe is me. I'm about to commit someone (me?) as a result of all this header madness.
I have the same exact problem. See my latest blog post at http://verveguy.blogspot.com/2008/06/headers-ate-my-brain.html
It simply DOESN'T WORK
So sorry for not responding earlier I have been having authentication header problems for a while and I think there is an issue with flash player and maybe even Air.
I find that if you create an Air app in Flex builder you can then try it out using the same code, but it doesn't always work. I have found that some headers work in Air and don't in Web so flash player being the problem.
However here is a solution I came to to handle the Basic authentication header.
If it works
feedRequest = new HTTPService();
feedRequest.url = theURL;
feedRequest.method = "post";
feedRequest.contentType = "application/xml";
var encoder:Base64Encoder = new Base64Encoder();
encoder.encode(userID + ":" + passWord);
feedRequest.headers["Authorization"] = "Basic " + encoder.toString();
So in brief, setup a model with just anything in it, set the request to post not GET... set the content type and then did the send with the dummy data.
This actually set the header and returned the data as required. Weird thing is that if I did a get no header set, if I did a post without sending any data no header set. also if I didn't set the contentType although that might be my application specific, no header set.
Hope this helps.
Indeed, it turns out that somewhere under the Flex stack, all POST requests that have no actual data are silently turned into GET requests. At which point, all headers are stripped.
Furthermore, any GET requests that have a content-type of application/xml are silently turned into POST requests.
Here's what I've divined so far...it's more tortured than one would imagine
1/ All HTTP GET requests are stripped of headers. It's not in the Flex stack so it's probably the underlying Flash player runtime
2/ All HTTP GET requests that have content type other than "application/x-www-form-urlencoded" are turned into POST requests
3/ All HTTP POST requests that have no actual posted data are turned into GET requests. See 1/ and 2/
4/ All HTTP PUT and HTTP DELETE requests are turned into POST requests. This appears to be a browser limitation that the Flash player is stuck with.
What this boils down to in practical terms is that if you want to pass headers in all requests, you should always use POST and you should find another way to communicate the semantics of the operation you "really wanted". The Rails community have settled on passing ?_method=PUT/DELETE as a work around for the browser problems underlying 4/
Since Flash adds the wonderful header stripping pain on GET, I'm also using ?_method=GET as a workaround for that. However, since this trips up on 3/, I am passing a dummy object as the encoded POST data. Crucial at this step to know about 2/.
I've built all of this handling into a new RESTService class with MXML markup support so it's possible to pretend this doesn't exist on the client side.
Does that help some?
It doesn't seem to be the Flash player that is stripping out these headers. If you use the as3httpclient library, you can get around all of this. The bottom line is, if you want to do RESTful communication, you can't use the standard Flex HttpService calls.
Using the as3httpclient library solved my problems...so far
I think it is the flash player, in that I've walked all the way down through the Flex code stack and it's happening inside the underlying flash runtime methods that I cannot step into.
The as3httpclient library doesn't use the flash http methods at all, but rather uses raw socket communications.