0 Replies Latest reply on Jun 30, 2012 8:36 AM by xcession

    Whats happening to my set-cookie header?


      I'm writing a desktop client for a Django app running on an https domain.


      I'm attempting to retrieve cookies set by the django site when I call the site using URLRequest as follows:


      var urlVariables = new air.URLVariables();

      urlVariables.foo = "bar"

      var request = new air.URLRequest("https://www.example.com/api/foo/");

      request.data = urlVariables;

      request.method = air.URLRequestMethod.POST;


      var loader = new air.URLLoader();

      loader.addEventListener(air.HTTPStatusEvent.HTTP_RESPONSE_STATUS, httpStatusHandler);

      loader.addEventListener(air.Event.COMPLETE, completeHandler);

      loader.addEventListener(air.IOErrorEvent.IO_ERROR, ioErrorHandler);



      However if I loop over the headers returned by the site like so...


      function httpStatusHandler(event){

          for(var i=0; i<event.responseHeaders.length; i++){





      ...I discover that that the Set-Cookies header is conspicuously absent.


      Is this a deliberate security restriction for calls to HTTPS sites? I'm completely baffled.


      Any help appreciated.