0 Replies Latest reply on Jun 1, 2009 2:08 PM by Damon Edwards

    Authorization Header - Why must the kb lie

    Damon Edwards Level 3

      This Authorization header mess is stressing me out the max!  If you read the KB Here, it clearly states the Authorization header was added back into Flash Player 9.0.124.  However, in my AIR application I get the ol': The HTTP request header cannon be set via ActionScript.  This only happens for my Authorization header, not the X-GData-Key, X-HTTP-Method-Override, or X-GData-Client, only the Authorization.  I've also read that when dealing with AIR, there are no restrictions on headers!  I also must mention that I'm explicitly loading in the crossdomain here: http://gdata.youtube.com/crossdomain.xml, which spits out this warning when my application is test-published from inside Flash:

       

      Warning: Domain gdata.youtube.com does not explicitly specify a meta-policy, but Content-Type of policy file http://gdata.youtube.com/crossdomain.xml is 'text/x-cross-domain-policy'.  Applying meta-policy 'by-content-type'.

       

      But, their crossdomain does include this line: <allow-http-request-headers-from domain="*" headers="*"/>

       

      What is going wrong??  Here's a link to my earlier thread which was burried with no replies.

       

      Thanks to anyone who can help.  I really don't want to use the as3httpclient to get past this, since all the documents I've read state this should be possible.