Drew Shefman, a Houston based free-lance Software Craftsmen / Interactive Developer / Architect and Instructor, shares his discoveries as he navigates the intricacies of the RIA world as he departs from Flex to other stacks
Just found out that using HTTPService passes in header information. With Flash Player 9 securtiy updates, crossdomain.xml needs to have an extra field to allow for headers. This field is <allow-http-request-headers-from>.
You might have issues if you call a simple webservice API via HTTPSerice because of this. If the webservice has a crossdomain file that only has allow access flag, but not an header flag - use URLLoader instead.