Does Flash not support username/password in a URL? What are my alternatives?_问答_开发者

Does Flash not support username/password in a URL? What are my alternatives?

开发者 https://www.devze.com 2023-04-12 22:46 出处：网络

I\'ve been trying to load some JSON from a URL with a username/password at the beginning. So the URL resembles: http://username:password@www.myaddress.org.uk/api/profiles/

I've been trying to load some JSON from a URL with a username/password at the beginning.

So the URL resembles: http://username:password@www.myaddress.org.uk/api/profiles/

I've been using the DataLoader class from greensock and it returns a Error #2032: Stream Error if the authentication is up but loads fine when it is disabled.

I'm trying to add a 'Authorization' URLRequestHeader to get round this issue? Is this the best way forward?

If it is relevant, I'm developing using FlashDevelop 4.0 / Flex SDK 4.5.1 on Windows 7 Enterprise.

Thanks in advance!

Edit:

I'm trying to use headers in a similar way to this post: Flex 3 - how to support HTTP Authentication URLRequest? but I'm not having much success. The base64 encoder I'm using is from here: http://jpauclair.net/2010/01/09/base64-optimized-as3-lib/

开发者_开发知识库2nd Edit: latest code

_loader = new DataLoader(ENDPOINT, { onComplete:handleComplete, onError:handleError, onFail:handleFail } );

_loader.request.method = URLRequestMethod.POST;
_loader.request.data = new URLVariables("required=RandomData");

var bytes:ByteArray = new ByteArray();
bytes.writeUTFBytes(USER+':'+PASS);
var headerString:String = Base64.encode(bytes);
var header:URLRequestHeader = new URLRequestHeader('Authorization', 'Basic ' + headerString );
_loader.request.requestHeaders.push(header);

_loader.load();

crossdomain.xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy 
  SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <allow-access-from domain="*" />
   <allow-http-request-headers-from domain="*" headers="Authorization" />
</cross-domain-policy>

Edit 3 I've also tried using a URLLoader:

var urlRequest:URLRequest = new URLRequest(ENDPOINT);
urlRequest.method = URLRequestMethod.POST;
urlRequest.data = new URLVariables("required=RandomData");

var bytes:ByteArray = new ByteArray();
bytes.writeUTFBytes(USER+':'+PASS);
var headerString:String = Base64.encode(bytes);
var header:URLRequestHeader = new URLRequestHeader('Authorization', 'Basic ' + headerString );
urlRequest.requestHeaders.push(header);

_urlLoader = new URLLoader(urlRequest);
_urlLoader.addEventListener(Event.COMPLETE, temp_handleComplete);
_urlLoader.addEventListener(IOErrorEvent.IO_ERROR, temp_handleError);

Basic Authentication is pretty restricted in Flash, especially if you're looking to consume an API. I would suggest wrapping the request at your own server where you could implement a session-based or key-based authentication.

Eg. http://api.your-domain.co.uk/api/profiles/?key=0123456789abdef would invoke a server-side script that 1) checks for the validity of the API key and 2) fetches data from http://username:password@www.myaddress.org.uk/api/profiles/ and returns it.

If you're using more than the "/api/profiles/" out of the API, I suggest writing a rewrite that would accept any path and fetch the corresponding remote path. The script can be anything that is supported on your server, from a php script to a bash script.

Or if your server application supports it you may even use something like mod_proxy for setting up a Reverse Proxy. Actually, now that I think about it, a reverse proxy using Apache or Lighttpd might be the easiest of the solutions! (See: http://httpd.apache.org/docs/2.0/mod/mod_proxy.html)