AS3 Using a Loader to load a file protected by htaccess

I'm attempting to load an external SWF that's hosted on a site i开发者_JAVA技巧nto a local SWF file. The external SWF is in a password-protected directory using htaccess.

Here is the code I'm currently trying to use:

var loaderUrlRequest:URLRequest = new URLRequest("http://www.my-website.com/externalFlashFile.swf");
loaderUrlRequest.requestHeaders.push(new URLRequestHeader("Authorization", "Basic " + $Base64.encode("username:password")));
loaderUrlRequest.method = URLRequestMethod.POST;
loaderUrlRequest.data = true;
var loader:Loader = new Loader();
addChildAt(loader, 0);
loader.load(loaderUrlRequest);

The file URL, username, password, and base64 encoding are all checked and correct.

However, I'm getting the following errors:

Error opening URL 'http://www.my-website.com/externalFlashFile.swf'
Error #2044: Unhandled IOErrorEvent:. text=Error #2036: Load Never Completed.

Any ideas what I might be doing wrong, or if there's a better way to go about this from a purely-flash perspective?

Thanks.

---

White whale, holy grail

In Adobe® AIR®, content in the application security sandbox (such as content installed with the AIR application) can use any request headers, without error. However, for content running in Adobe AIR that is in a different security sandbox, or for content running in Flash® Player, using following request headers cause a runtime error:

Accept-Charset, Accept-Encoding, Accept-Ranges, Age, Allow, Allowed, Authorization, Charge-To, Connect, Connection, Content-Length, Content-Location, Content-Range, Cookie, Date, Delete, ETag, Expect, Get, Head, Host, If-Modified-Since, Keep-Alive, Last-Modified, Location, Max-Forwards, Options, Origin, Post, Proxy-Authenticate, Proxy-Authorization, Proxy-Connection, Public, Put, Range, Referer, Request-Range, Retry-After, Server, TE, Trace, Trailer, Transfer-Encoding, Upgrade, URI, User-Agent, Vary, Via, Warning, WWW-Authenticate, x-flash-version.

URLRequestDefaults.setLoginCredentialsForHost: Sets default user and password credentials for a selected host. ... Only Adobe® AIR® content running in the application security sandbox can use the URLRequestDefaults class.

So, you have but one option: load your swf from a web page of that very domain that requires authorization. You'll be through http authorization steps before swf is loaded and browser will maintain the rest.

In fact, when you try to access something behind http authorization, a server issues a http response with code=401 (unless you send Authorization header beforehand). Flash Player can do nothing about it and only AIR runtime is capable of sending Authorization header in any way.

---

You need to authenticate from within your ActionScript application, which can be achieved by use of some static variables and methods on the URLRequestDefaults class.

All you need to do, is add these two lines of code before you make the call with URLLoader:

URLRequestDefaults.setLoginCredentialsForHost(hostname, user, password);
URLRequestDefaults.authenticate = true;

You can drop the requestHeaders too (unless they have another purpose).