Well, we would actually probably just whitelist all headers. Cheers, -Jeff
On Mon, May 11, 2009 at 11:59 PM, Michal Gron <[email protected]> wrote: > Yes, true, but without correct crossdomain.xml file it's not possible > - Flash Player throws Security sandbox violation error. > I think something like this could be helpful: > <allow-http-request-headers-from domain="*" secure="false" headers=" > Authorization,X-Method-Override" /> > > Michal > > On Mon, May 11, 2009 at 11:00 PM, Jeff Fisher <[email protected]>wrote: > >> So noted. Might want to add your comments to the issue as well. Basically >> you will be needing to use the X-Method-Override header to fake the POST >> being a GET (basically you set the header to indicate what type of request >> you WANT to make and the API will process it as that even though it received >> it as something else.) >> >> Cheers, >> -Jeff >> >> >> On Mon, May 11, 2009 at 12:22 AM, michal.gron <[email protected]>wrote: >> >>> >>> There is also a problem when accessing private entries from Flash >>> Player authorized via AuthSub. >>> Somehow you need to send the Authorization header from Flash Player >>> (containing the AuthSub session token), and only possible way is to do >>> it via POST request because Flash Player cannot send headers with GET >>> request. >>> >>> And a POST request to PWA Data API meens creating something new, in >>> this case (i think :) ) a new Album entry. >>> >>> It looks like, there is (yet) no way to read private PWA entries >>> authorized via AuthSub because: >>> 1. we need crossdomain.xml with <allow-http-request-headers-from >>> domain="*" headers="Authorization"/> >>> 2. we need to be able send POST requests to read the private entries >>> >>> Thanks for any informations/hints on this. >>> >>> Michal >>> >>> >>> On 27. Mar., 20:56 h., Lee Evans <[email protected]> wrote: >>> > Thanks for getting back to me... >>> > >>> > This has been filed, If anyone else needs this, please star >>> > >>> > http://code.google.com/p/gdata-issues/issues/detail?id=1122 >>> > >>> > Thanks. >>> > >>> > Lee >>> > >>> > Lee Evans >>> > [email protected]<mailto:[email protected]> >>> > >>> > From: [email protected] [mailto: >>> [email protected]] On Behalf Of Jeff Fisher >>> > Sent: Friday, March 27, 2009 1:03 PM >>> > To: [email protected] >>> > Subject: [PWA API] Re: Sending Authorization Header from Flash/AS3 >>> > >>> > Hi, >>> > >>> > Sounds reasonable. Please file a feature request: >>> > >>> > http://code.google.com/p/gdata-issues/issues/entry >>> > >>> > Cheers, >>> > -Jeff >>> > >>> > On Thu, Mar 26, 2009 at 12:26 PM, Lee <[email protected]<mailto: >>> [email protected]>> wrote: >>> > >>> > Hello, >>> > >>> > I've been trying to authorize my Flash/AS3 Photo Viewer against Picasa >>> > and I have no problems getting the Auth Token from ClientLogin >>> athttps://www.google.com/accounts/ClientLogin >>> > >>> > However it seems that for me to send this auth token to >>> > PicasaWebAlbums as part of an authorization header from AS3, thehttp:// >>> photos.googleapis.com/data/crossdomain.xmlfile at needs to >>> > include... >>> > >>> > <allow-http-request-headers-from domain="*" headers="Authorization"/> >>> > >>> > (perhttp://kb.adobe.com/selfservice/viewContent.do?externalId=kb403184 >>> > ) >>> > >>> > I have no idea what the implications are of Google making this change, >>> > but has any one else requested this and is this something that could >>> > possibly be done so that the Picasa web albums that require a >>> > authorization header can be accessed directly from Flash? >>> > >>> > I'm aware that I could also use a proxy to relay the authorization >>> > header, but I'd rather keep the extra hop to my server out of the loop >>> > if possible. >>> > >>> > Any info would be greatly appreciated. >>> > >>> > Thanks >>> > >>> > Lee Evans >>> > [email protected]<mailto:[email protected]> >>> >>> >> >> >> > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Picasa Web Albums API" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/Google-Picasa-Data-API?hl=en -~----------~----~----~----~------~----~------~--~---
