flex-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Martin <chrsm...@outlook.com>
Subject Re: HTTP Basic Authentication for URLRequest
Date Thu, 26 Mar 2015 10:00:44 GMT
> I think flash player is trying to be consistent by disallowing such headers.


Yep, majority of the time flash player will strip any custom headers you set. However, in
the case of a POST request with data in the body, you can supply your own custom headers.


I did notice in your screen capture that the body of the request was empty. In that case,
indeed the headers will then be stripped out by the flash player. Have you tried to also set
the contentType to be application/x-www-form-encoded-values? That will ultimately affect how
the message body gets built out.


You can trace down into the SDK to see where that happens.  Can't remember right off hand
right now.  I'll check later on when I get into the office for that and the right contentType
string value.  I think I got it right though.


Chris 






Sent from Windows Mail





From: OmPrakash Muppirala
Sent: ‎Thursday‎, ‎March‎ ‎26‎, ‎2015 ‎1‎:‎56‎ ‎AM
To: users@flex.apache.org





On Mar 25, 2015 10:16 PM, "Deepak MS" <megharajdeepak@gmail.com> wrote:
>
> Sorry, was away for sometime.
>
> I ran it through network monitor in FB.
> Screenshot: http://pasteboard.co/25kUwXgR.png
>
> Looks like header is not passed at all.
>
> Code:
> var req:URLRequest = new URLRequest(pathRemote);
>                 req.method = URLRequestMethod.POST;
>                 req.data = new URLVariables("name=John+Doe");
>
>                 var encoder:Base64Encoder = new Base64Encoder();
>                 encoder.insertNewLines = true;
>                 encoder.encode("myusername:mypassword");
>
>
>                 var credsHeader:URLRequestHeader = new
> URLRequestHeader("Authorization", "Basic " + encoder.toString());
>                req.requestHeaders.push(credsHeader);
>                 remoteURLStreamer.load(req);
>
>
> I looked at the doc:
>
http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/net/URLRequestHeader.html
>
> It says:
> "In Flash Player and in Adobe AIR content outside of the application
> security sandbox, the following request headers cannot be used
> Accept-Charset, Accept-Encoding, Accept-Ranges, Age, Allow, Allowed,
> Authorization, Charge-To, Connect, Connection, Content-Length,
> Content-Location, Content-Range, Cookie, Date, Delete, ETag, Expect, Get,
> Head, Host, If-Modified-Since, Keep-Alive, Last-Modified, Location,
> Max-Forwards, Options, Origin, Post, Proxy-Authenticate,
Proxy-Authorization,
> Proxy-Connection, Public, Put, Range, Referer, Request-Range, Retry-After,
> Server, TE, Trace, Trailer, Transfer-Encoding, Upgrade, URI, User-Agent,
> Vary, Via, Warning, WWW-Authenticate, x-flash-version."
>
> Why does header request cannot have 'Authorization' object? So how else
can
> we pass the header request?
>

The http requests go through the browser.  Different browsers have
different rules about how the headers are handled.   I think flash player
is trying to be consistent by disallowing such headers.

One approach you could take is use the as3httpclent library,  which allows
you to more reliably pass the http headers you want to send,  an
authorization header in your case.

Thanks,
Om

> On Thu, Mar 26, 2015 at 10:04 AM, Chris Martin <chrsmrtn@outlook.com>
wrote:
>
> > Yeah, a network packet log would be a huge help.  Then you can rule out
> > whether or not the Authorization header is present in your request or
not.
> >  I use fiddler[1] all the time. Also it makes it easy to detect if
> > something else went wrong at the server side like your authentication
> > request failed with a 403 Forbidden response.
> >
> >
> >
> >
> >
> >
> > [1] http://www.telerik.com/fiddler
> >
> >
> > Chris
> >
> >
> > Sent from Windows Mail
> >
> >
> >
> >
> >
> > From: Tom Chiverton
> > Sent: ‎Tuesday‎, ‎March‎ ‎24‎, ‎2015 ‎2‎:‎24‎ ‎AM
> > To: users@flex.apache.org
> >
> >
> >
> >
> >
> > Do you have a network packet log ?
> >
> > Tom
> >
> > On 24/03/15 04:25, Deepak MS wrote:
> > > Any help on this please? I still haven't found any solution for this.
I
> > > keep getting username\password prompt on the simulator. ;(
> > >
> > > On Mon, Mar 16, 2015 at 7:30 PM, Deepak MS <megharajdeepak@gmail.com>
> > wrote:
> > >
> > >> Hello,
> > >> I'm trying to download a file from the server which requires basic
> > >> authentication(need to enter user name and password to access).
> > >>
> > >> I came across these links:
> > >>
> > >>
> >
http://stackoverflow.com/questions/509219/flex-3-how-to-support-http-authentication-urlrequest
> > >>
> > >>
> >
http://johncblandii.com/2011/07/flex-quick-tip-urlrequest-basic-auth.html
> > >>
> > >>
http://blog.derraab.com/2010/02/25/urlrequest-with-http-authentication/
> > >>
> > >> Tried all of it. I either get IO error or I get windows
authentication
> > >> popup window when I run the mobile app on my desktop.
> > >>
> > >> None of it seem to work. I'm using Flex4.14\AIR16.
> > >>
> > >> Screenshot:
> > >> http://pbrd.co/18wmsZK
> > >>
> > >>
> > >> Code that I have been trying:
> > >>
> > >> <?xml version="1.0" encoding="utf-8"?>
> > >> <s:View xmlns:fx="http://ns.adobe.com/mxml/2009"
> > >>          xmlns:s="library://ns.adobe.com/flex/spark" title="Contact"
>
> > >>      <s:layout>
> > >>          <s:VerticalLayout/>
> > >>      </s:layout>
> > >>      <fx:Script>
> > >>          <![CDATA[
> > >>              import mx.events.FlexEvent;
> > >>              import mx.utils.Base64Encoder;
> > >>
> > >>              private var remoteURLStreamer:URLStream= new
URLStream();
> > >>
> > >>              private var pathRemote:String = '
> > >> http://myserver.com/datafiles/myfile.zip';
> > >>
> > >>              private function startRemoteFileDownload():void
> > >>              {
> > >>                  URLRequestDefaults.setLoginCredentialsForHost('
> > >> www.myserver.com','myusername','mypassword'); // not working
> > >>
> > remoteURLStreamer.addEventListener(ProgressEvent.PROGRESS,
> > >> remoteURLStreamerProgressHandler);
> > >>
> > remoteURLStreamer.addEventListener(IOErrorEvent.IO_ERROR,
> > >> remoteURLStreamerIOErrorHandler);
> > >>
> > >> remoteURLStreamer.addEventListener(SecurityErrorEvent.SECURITY_ERROR,
> > >> remoteURLStreamerSecurityErrorHandler);
> > >>
> > >>                  var req:URLRequest = new URLRequest(pathRemote);
> > >>
> > >>                  req.method = URLRequestMethod.POST;
> > >>
> > >>                  req.data = new URLVariables("name=John+Doe"); //(one
> > post
> > >> suggests to pass dummy parameters to data) not working
> > >>
> > >>                  var encoder:Base64Encoder = new Base64Encoder();
> > >>                  encoder.insertNewLines = true;
> > >>                  encoder.encode("myusername:mypassword");
> > >>
> > >>
> > >>                  var credsHeader:URLRequestHeader = new
> > >> URLRequestHeader("Authorization", "Basic " + encoder.toString());
//not
> > >> working
> > >>                  req.requestHeaders.push(credsHeader);
> > >>                  remoteURLStreamer.load(req);
> > >>
> > >>              }
> > >>
> > >>              private function
> > >> remoteURLStreamerProgressHandler(event:ProgressEvent):void
> > >>              {
> > >>
> > >>                  switch (event.type)
> > >>                  {
> > >>                      case "progress":
> > >>                          lb.text = event.bytesLoaded.toString();
> > >>                          break;
> > >>                  }
> > >>              }
> > >>
> > >>
> > >>
> > >>              private function
> > >> remoteURLStreamerIOErrorHandler(event:IOErrorEvent):void
> > >>              {
> > >>                  lb.text = 'IOError';
> > >>              }
> > >>
> > >>              private function
> > >> remoteURLStreamerSecurityErrorHandler(event:SecurityErrorEvent):void
> > >>              {
> > >>                  lb.text = 'SecurityError';
> > >>              }
> > >>
> > >>
> > >>              protected function
> > button1_clickHandler(event:MouseEvent):void
> > >>              {
> > >>                  startRemoteFileDownload();
> > >>              }
> > >>
> > >>          ]]>
> > >>      </fx:Script>
> > >>
> > >>      <s:Button label="hello" click="button1_clickHandler(event)"/>
> > >>      <s:Label id="lb" text="Hello"/>
> > >> </s:View>
> > >>
> > >>
> > >>
> > >> Can you kindly let me know if there is something going wrong here?
Or is
> > >> there any other way to make it work?
> > >>
> > >>
> > >
> > > ______________________________________________________________________
> > > This email has been scanned by the Symantec Email Security.cloud
service.
> > > For more information please visit http://www.symanteccloud.com
> > > ______________________________________________________________________
> >
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message