0 Replies Latest reply on May 20, 2012 11:41 AM by Purushotham Nayak

    Apache proxy to overcome flex crossdomain.xml not working

    Purushotham Nayak

      I'm developing a flex application that will need consume a particular web service from an outside company url e.g. https://server1.company.com/service.asmx?wsdl. This uses Basic Authentication and so requires me to send the "Authorization" http header. I'm running the app using Flash Builder on a computer with just an IP (localhost).


      Since flash will remove the headers I've setup an Apache server with Reverse proxy (using mod_proxy and also  mod_ssl since the target uses https). My apache configuration is as follows:

      # Proxy
      LoadModule proxy_http_module modules/mod_proxy_http.so
      ProxyRequests Off
      ProxyPass /service.asmx https://server1.company.com/service.asmx
      ProxyPassReverse /service.asmx https://server1.company.com/service.asmx

      # SSL
      LoadModule ssl_module modules/mod_ssl.so
      SSLProxyEngine On


      I tested the proxy using a webbrowser and when I type in http://localhost/service.asmx?wsdl I get the prompt and when I enter the credentials I get the wsdl document. However when I run it via flex the network monitor shows that there is no Authorization header being sent i.e the header is still being removed and so I still get the prompt.

      My application is loaded using a localhost address. http://localhost/test/main.html which contains the swf file. So I thought this would work without using the crossdomain.xml file. But since it didn't work I added a crossdomain.xml in Apache's htdocs folder such that it's accessible as http://localhost/crossdomain.xml. But it's still the same problem. Here's my crossdomain.xml file.


      <allow-access-from domain="*"/>
      <site-control permitted-cross-domain-policies="all"/>
      <allow-http-request-headers-from domain="*" headers="Authorization"/> 

      It's still the same problem the Authorization headers are being removed. I tried '*' in place of 'Authorization' in the crossdomain.xml file and also tried using https://localhost instead of http://localhost and adding secure="true" to the crossdomain.xml file but nothing seems to fix this problem.