Yes, true, but without correct crossdomain.xml file it's not possible - Flash Player throws Security sandbox violation error. I think something like this could be helpful: <allow-http-request-headers-from domain="*" secure="false" headers=" Authorization,X-Method-Override" />
Michal On Mon, May 11, 2009 at 11:00 PM, Jeff Fisher <[email protected]>wrote: > So noted. Might want to add your comments to the issue as well. Basically > you will be needing to use the X-Method-Override header to fake the POST > being a GET (basically you set the header to indicate what type of request > you WANT to make and the API will process it as that even though it received > it as something else.) > > Cheers, > -Jeff > > > On Mon, May 11, 2009 at 12:22 AM, michal.gron <[email protected]>wrote: > >> >> There is also a problem when accessing private entries from Flash >> Player authorized via AuthSub. >> Somehow you need to send the Authorization header from Flash Player >> (containing the AuthSub session token), and only possible way is to do >> it via POST request because Flash Player cannot send headers with GET >> request. >> >> And a POST request to PWA Data API meens creating something new, in >> this case (i think :) ) a new Album entry. >> >> It looks like, there is (yet) no way to read private PWA entries >> authorized via AuthSub because: >> 1. we need crossdomain.xml with <allow-http-request-headers-from >> domain="*" headers="Authorization"/> >> 2. we need to be able send POST requests to read the private entries >> >> Thanks for any informations/hints on this. >> >> Michal >> >> >> On 27. Mar., 20:56 h., Lee Evans <[email protected]> wrote: >> > Thanks for getting back to me... >> > >> > This has been filed, If anyone else needs this, please star >> > >> > http://code.google.com/p/gdata-issues/issues/detail?id=1122 >> > >> > Thanks. >> > >> > Lee >> > >> > Lee Evans >> > [email protected]<mailto:[email protected]> >> > >> > From: [email protected] [mailto: >> [email protected]] On Behalf Of Jeff Fisher >> > Sent: Friday, March 27, 2009 1:03 PM >> > To: [email protected] >> > Subject: [PWA API] Re: Sending Authorization Header from Flash/AS3 >> > >> > Hi, >> > >> > Sounds reasonable. Please file a feature request: >> > >> > http://code.google.com/p/gdata-issues/issues/entry >> > >> > Cheers, >> > -Jeff >> > >> > On Thu, Mar 26, 2009 at 12:26 PM, Lee <[email protected]<mailto: >> [email protected]>> wrote: >> > >> > Hello, >> > >> > I've been trying to authorize my Flash/AS3 Photo Viewer against Picasa >> > and I have no problems getting the Auth Token from ClientLogin >> athttps://www.google.com/accounts/ClientLogin >> > >> > However it seems that for me to send this auth token to >> > PicasaWebAlbums as part of an authorization header from AS3, thehttp:// >> photos.googleapis.com/data/crossdomain.xmlfile at needs to >> > include... >> > >> > <allow-http-request-headers-from domain="*" headers="Authorization"/> >> > >> > (perhttp://kb.adobe.com/selfservice/viewContent.do?externalId=kb403184 >> > ) >> > >> > I have no idea what the implications are of Google making this change, >> > but has any one else requested this and is this something that could >> > possibly be done so that the Picasa web albums that require a >> > authorization header can be accessed directly from Flash? >> > >> > I'm aware that I could also use a proxy to relay the authorization >> > header, but I'd rather keep the extra hop to my server out of the loop >> > if possible. >> > >> > Any info would be greatly appreciated. >> > >> > Thanks >> > >> > Lee Evans >> > [email protected]<mailto:[email protected]> >> >> > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Picasa Web Albums API" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/Google-Picasa-Data-API?hl=en -~----------~----~----~----~------~----~------~--~---
