0 Replies Latest reply on Aug 20, 2009 6:46 AM by IrishAIRMax

    Authorization header and XMLHttpRequest in air??


      Hi everyone,


      I had huge trouble with this header as I was not aware Adobe had restriced it as I had not come across this. Also the error message (DOM Exception 12 : syntax error) was not much help either. The way I got around this is by string.replace("\n","") encase anyone else is having same problem. don't know why tihs works because there was no "\n" in the string, i evern did string.search to check for one maybe only AIR could see but none there? I have no idea why this allows this to work but it does, got idea from a base64encoder example that didn't work, maybe AIR thinks it encoded and safe to send?




      This is not why I am posting, that problem is fixed.


      I was wondering does anyone know if i only had this problem because I was in the application sandbox.


      i.e. if i was in a non application sandbox ( an iframe which pointed to another html file through "scr" and that has "sandboxRoot='www.somedomain.com' documentRoot='app:/'" would this I have this problem. Does AIR only restric the authorization header with the application sandbow and not the no application sandbox?


      I ask this as Adobe say that the non application sandbox acts like normal web browser in that it takes in external JavaSrcipt files from googl/yahoo etc. and allows for eval..........



      So does AIR restrict the authorization header in both sandboxes or just the application sandbox??


      Plus what does optional mean in this box below found at

      http://labs.adobe.com/wiki/index.php/AIR:HTML_Security_FAQ#How_would_someone_code_in_this_ new_model.3F??




      AIR Application Sandbox

      AIR Non-application

      Can    execute cross-domain requests (XMLHttpRequest)?





      what does optional mean?? do you have to set the non aplication sandbox up in a certain way in order to allow for XMLHttpRequests?


      Thank you all in advance