Hooray!!!! Thanks!!!
On Jun 18, 6:48 am, "michal.gron" <[email protected]> wrote:
> OMG! IT WORKS!
> THANK YOU!
>
> e.g. list your private albums here: http://www.prasa.sk/authsub/
>
> Michal
>
> On Jun 2, 12:02 pm, Michal Gron <[email protected]> wrote:
>
> > Hi,
> >
> > with the "X-HTTP-Method-Override: GET" header I get:
> >
> > Fault: Error #2170: Security sandbox violation: http://www.prasa.sk/authsub/index.swf cannot send HTTP headers to http://photos.googleapis.com/data/feed/api/user/default?access=private.
> >
> > and the flashlog.txt says:
> >
> > Error: Request for resource at http://photos.googleapis.com/data/feed/api/user/default?access=private by requestor from http://www.prasa.sk/authsub/index.swf is denied due to lack of policy file permissions.
> > *** Security Sandbox Violation ***
> > Connection to http://photos.googleapis.com/data/feed/api/user/default?access=privat... - not permitted from http://www.prasa.sk/authsub/index.swf
> >
> > Looks like the X- header doesn't work..
> >
> > Thanks
> > Michal
> >
> > On Wed, May 20, 2009 at 8:33 PM, Jeff Fisher <[email protected]> wrote:
> > > Alright - turns out we only need to whitelist Authorization. X headers
> > > aren't blacklisted by the player. We don't want to whitelist them all for
> > > security reasons. Updating the crossdomain.xml is being worked on
> > > currently.
> > >
> > > Cheers,
> > > -Jeff
> > >
> > > On Tue, May 12, 2009 at 12:06 PM, Jeff Fisher <[email protected]> wrote:
> > >
> > >> Well, we would actually probably just whitelist all headers.
> > >>
> > >> Cheers,
> > >> -Jeff
> > >>
> > >> On Mon, May 11, 2009 at 11:59 PM, Michal Gron <[email protected]> wrote:
> > >>
> > >>> Yes, true, but without correct crossdomain.xml file it's not possible
> > >>> - Flash Player throws Security sandbox violation error.
> > >>> I think something like this could be helpful:
> > >>> <allow-http-request-headers-from domain="*" secure="false" headers="Authorization,X-Method-Override" />
> > >>>
> > >>> Michal
> > >>>
> > >>> On Mon, May 11, 2009 at 11:00 PM, Jeff Fisher <[email protected]> wrote:
> > >>>
> > >>>> So noted. Might want to add your comments to the issue as well.
> > >>>> Basically you will be needing to use the X-Method-Override header to
> > >>>> fake the POST being a GET (basically you set the header to indicate
> > >>>> what type of request you WANT to make and the API will process it as
> > >>>> that even though it received it as something else.)
> > >>>>
> > >>>> Cheers,
> > >>>> -Jeff
> > >>>>
> > >>>> On Mon, May 11, 2009 at 12:22 AM, michal.gron <[email protected]> wrote:
> > >>>>
> > >>>>> There is also a problem when accessing private entries from Flash
> > >>>>> Player authorized via AuthSub.
> > >>>>> Somehow you need to send the Authorization header from Flash Player
> > >>>>> (containing the AuthSub session token), and the only possible way is
> > >>>>> to do it via POST request because Flash Player cannot send headers
> > >>>>> with GET request.
> > >>>>>
> > >>>>> And a POST request to PWA Data API means creating something new, in
> > >>>>> this case (I think :) ) a new Album entry.
> > >>>>>
> > >>>>> It looks like, there is (yet) no way to read private PWA entries
> > >>>>> authorized via AuthSub because:
> > >>>>> 1. we need crossdomain.xml with <allow-http-request-headers-from domain="*" headers="Authorization"/>
> > >>>>> 2. we need to be able to send POST requests to read the private entries
> > >>>>>
> > >>>>> Thanks for any information/hints on this.
> > >>>>>
> > >>>>> Michal
> > >>>>>
> > >>>>> On 27. Mar., 20:56 h., Lee Evans <[email protected]> wrote:
> > >>>>> > Thanks for getting back to me...
> > >>>>> >
> > >>>>> > This has been filed. If anyone else needs this, please star
> > >>>>> >
> > >>>>> > http://code.google.com/p/gdata-issues/issues/detail?id=1122
> > >>>>> >
> > >>>>> > Thanks.
> > >>>>> >
> > >>>>> > Lee
> > >>>>> >
> > >>>>> > Lee Evans
> > >>>>> > [email protected]<mailto:[email protected]>
> > >>>>> >
> > >>>>> > From: [email protected] [mailto:[email protected]] On Behalf Of Jeff Fisher
> > >>>>> > Sent: Friday, March 27, 2009 1:03 PM
> > >>>>> > To: [email protected]
> > >>>>> > Subject: [PWA API] Re: Sending Authorization Header from Flash/AS3
> > >>>>> >
> > >>>>> > Hi,
> > >>>>> >
> > >>>>> > Sounds reasonable. Please file a feature request:
> > >>>>> >
> > >>>>> > http://code.google.com/p/gdata-issues/issues/entry
> > >>>>> >
> > >>>>> > Cheers,
> > >>>>> > -Jeff
> > >>>>> >
> > >>>>> > On Thu, Mar 26, 2009 at 12:26 PM, Lee <[email protected]<mailto:[email protected]>> wrote:
> > >>>>> >
> > >>>>> > Hello,
> > >>>>> >
> > >>>>> > I've been trying to authorize my Flash/AS3 Photo Viewer against Picasa
> > >>>>> > and I have no problems getting the Auth Token from ClientLogin at
> > >>>>> > https://www.google.com/accounts/ClientLogin
> > >>>>> >
> > >>>>> > However it seems that for me to send this auth token to
> > >>>>> > PicasaWebAlbums as part of an authorization header from AS3, the
> > >>>>> > http://photos.googleapis.com/data/crossdomain.xml file at needs to
> > >>>>> > include...
> > >>>>> >
> > >>>>> > <allow-http-request-headers-from domain="*"
> > >>>>> > headers="Authorization"/>
> > >>>>> >
> > >>>>> > (per http://kb.adobe.com/selfservice/viewContent.do?externalId=kb403184)
> > >>>>> >
> > >>>>> > I have no idea what the implications are of Google making this change,
> > >>>>> > but has anyone else requested this and is this something that could
> > >>>>> > possibly be done so that the Picasa web albums that require an
> > >>>>> > authorization header can be accessed directly from Flash?
> > >>>>> >
> > >>>>> > I'm aware that I could also use a proxy to relay the authorization
> > >>>>> > header, but I'd rather keep the extra hop to my server out of the loop
> > >>>>> > if possible.
> > >>>>> >
> > >>>>> > Any info would be greatly appreciated.
> > >>>>> >
> > >>>>> > Thanks
> > >>>>> >
> > >>>>> > Lee Evans
> > >>>>> > [email protected]<mailto:[email protected]>

You received this message because you are subscribed to the Google Groups "Google Picasa Web Albums API" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [email protected]
For more options, visit this group at http://groups.google.com/group/Google-Picasa-Data-API?hl=en
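
Added example, not part of the thread and not code from any of its participants: a small audit of the allow-http-request-headers-from rules in a crossdomain.xml, comparing the three options raised above (Authorization only, the proposed rule with secure="false", and all headers). The sample policies are constructed, the function names are hypothetical, and the trailing-* header matching is an assumption about the policy file format.

```python
import xml.etree.ElementTree as ET

# Constructed policy files; the rules mirror the three options raised in the thread.
def _policy(rule):
    return f"<cross-domain-policy>{rule}</cross-domain-policy>"

AUTH_ONLY = _policy('<allow-http-request-headers-from domain="*" headers="Authorization"/>')
PROPOSED = _policy('<allow-http-request-headers-from domain="*" secure="false" '
                   'headers="Authorization,X-Method-Override" />')
ALL_HEADERS = _policy('<allow-http-request-headers-from domain="*" headers="*"/>')


def audit_header_rules(policy_xml):
    """Return (granted_header_patterns, findings) for a crossdomain.xml string."""
    granted, findings = set(), []
    for rule in ET.fromstring(policy_xml).iter("allow-http-request-headers-from"):
        domain = rule.get("domain", "")
        for name in rule.get("headers", "").split(","):
            name = name.strip().lower()
            if not name:
                continue
            granted.add(name)
            if "*" in name:
                findings.append(f"wildcard header pattern '{name}' for domain '{domain}'")
        # secure defaults to true; "false" also admits documents loaded over plain HTTP.
        if rule.get("secure", "true").strip().lower() == "false":
            findings.append(f"secure=false for domain '{domain}'")
    return granted, findings


def policy_grants(policy_xml, header):
    """True if some rule lists this header, exactly or via a trailing-* pattern (assumed)."""
    granted, _ = audit_header_rules(policy_xml)
    header = header.lower()
    return any(p == header or (p.endswith("*") and header.startswith(p[:-1]))
               for p in granted)


if __name__ == "__main__":
    for label, xml_text in [("auth-only", AUTH_ONLY), ("proposed", PROPOSED),
                            ("all-headers", ALL_HEADERS)]:
        granted, findings = audit_header_rules(xml_text)
        print(label, sorted(granted), findings or "no findings")
```

Only the Authorization-only policy comes back with no findings; the other two are flagged for secure=false and for the wildcard header grant respectively.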
