Thursday, September 17, 2009

HTTPService and crossdomain.xml

Just found out that using HTTPService passes in header information. With Flash Player 9 securtiy updates, crossdomain.xml needs to have an extra field to allow for headers. This field is <allow-http-request-headers-from>.

You might have issues if you call a simple webservice API via HTTPSerice because of this. If the webservice has a crossdomain file that only has allow access flag, but not an header flag - use URLLoader instead.