4

Quite simple really:

var req:URLRequest=new URLRequest();
req.url="http://somesite.com";
var header:URLRequestHeader=new URLRequestHeader("my-bespoke-header","1");
req.requestHeaders.push(header);
req.method=URLRequestMethod.GET;
stream.load(req);

Yet, if I inspect the traffic with WireShark, the my-bespoke-header is not being sent. If I change to URLRequestMethod.POST and append some data to req.data, then the header is sent, but the receiving application requires a GET not a POST.

The documentation mentions a blacklist of headers that will not get sent. my-bespoke-header is not one of these. It's possibly worth mentioning that the originating request is from a different port on the same domain. Nothing is reported in the policyfile log, so it seems unlikely, but is this something that can be remedied by force loading a crossdomain.xml with a allow-http-request-headers-from despite the fact that this is not a crossdomain issue? Or is it simply an undocumented feature of the Flash Player that it can only send custom headers with a POST request?

bignose
  • 30,281
  • 14
  • 77
  • 110
spender
  • 117,338
  • 33
  • 229
  • 351

2 Answers2

6

From what I can gather, it seems like your assumption about the lack of custom headers support for HTTP GET is indeed an undocumented feature (or a bug?) in the standard libraries.

In any case, you might want to see if as3httpclient would fit your purposes and let you work around this issue. Here's a relevant snippet from a post in the blog of the developer of this library:

"I was not able to set the header of a HTTP/GET request. Macromedia Flash Player allows you set the header only for POST requests. I discussed this issues with Ted Patrick and he told me how I can us Socket to achieve the desired and he was very kind to give a me code-snippet, which got me started."

hasseg
  • 6,787
  • 37
  • 41
  • That's more-or-less what we are doing at the moment (rolling our own http), but the reliance on a socket connection means that the connection is not proxy aware unlike URLRequest/URLStream, and fails behind many corporate firewalls. – spender Oct 22 '08 at 15:17
  • 2
    Worse than that, using raw sockets then opens up the whole cross-domain security can of worms, with the need to have a policy file served on port 843. Which is blocked by many firewalls... – Malcolm Box Jan 18 '10 at 16:57
6

If this limitation was undocumented at one time, that's no longer the case. See:

http://livedocs.adobe.com/flex/3/langref/flash/net/URLRequest.html#requestHeaders

"[...] Due to browser limitations, custom HTTP request headers are only supported for POST requests, not for GET requests. [...]"

Chris W. Rea
  • 5,430
  • 41
  • 58