0 Replies Latest reply on Jun 30, 2012 8:36 AM by xcession

    Whats happening to my set-cookie header?

    xcession

      I'm writing a desktop client for a Django app running on an https domain.

       

      I'm attempting to retrieve cookies set by the django site when I call the site using URLRequest as follows:

       

      var urlVariables = new air.URLVariables();

      urlVariables.foo = "bar"


      var request = new air.URLRequest("https://www.example.com/api/foo/");

      request.data = urlVariables;

      request.method = air.URLRequestMethod.POST;

       

      var loader = new air.URLLoader();

      loader.addEventListener(air.HTTPStatusEvent.HTTP_RESPONSE_STATUS, httpStatusHandler);

      loader.addEventListener(air.Event.COMPLETE, completeHandler);

      loader.addEventListener(air.IOErrorEvent.IO_ERROR, ioErrorHandler);

      loader.load(request);

       

      However if I loop over the headers returned by the site like so...

       

      function httpStatusHandler(event){

          for(var i=0; i<event.responseHeaders.length; i++){

             air.trace(event.responseHeaders[i].name);

          }

      }

       

      ...I discover that that the Set-Cookies header is conspicuously absent.

       

      Is this a deliberate security restriction for calls to HTTPS sites? I'm completely baffled.

       

      Any help appreciated.