0

I am using Adobe Flash ActionScript 3.0 to upload and download a file from box.com. I am in the process of converting my code from using v1 to v2 of the box.com API. I was able to get the OAuth process to work (I get the access_token). However, I am not able to download a file. This is because downloading a file from box.com requires a GET with a header containing:

“Authorization: Bearer ”. (Reference: http://developers.box.com/docs/#files-download-a-file)

However, ActionScript does not support this:

Due to browser limitations, custom HTTP request headers are only supported for POST requests, not for GET requests. (From: http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/net/URLRequest.html#requestHeaders)

If anybody knows a workaround for this, any pointers will be greatly appreciated.

user3078302
  • 1
  • 1

1 Answers1

0

Are you sure that you can't send the Authorization header? I'm pretty sure we've got a bunch of ActionScript developers that have figured out how to do it. Hopefully someone from that community can chime in with the actual recommended calls to make.

The Authorization HTTP header which we expect to contain the access token, is not a custom HTTP header. So I don't think it should be a problem. The documentation for the URLRequestHeader class says that there's a distinction between content running within and outside the application security sandbox and what headers can be used. Is it possible that you don't have your code correctly tagged as within the application security sandbox?

I'm no ActionScript coder, but the doc looks like you can set the Authorization header:

http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/net/URLRequestDefaults.html

Peter
  • 2,551
  • 1
  • 12
  • 20
  • Thank you so much for your reply -- I shall look into it and get back to you. – user3078302 Dec 10 '13 at 04:19
  • There are several entries on stackoverflow regarding Flex's inability to insert the Authorization header in HTTP GETs. E.g.: http://stackoverflow.com/questions/509219/flex-3-how-to-support-http-authentication-urlrequest A workaround is given regarding the use of POST to do a GET at: https://developers.google.com/gdata/docs/as-authsub?hl=de-DE&csw=1 It however requires crossdomain.xml to include X-HTTP-Method-Override in the headers. See: http://photos.googleapis.com/data/crossdomain.xml Compare that with this: https://api.box.com/crossdomain.xml – user3078302 Dec 11 '13 at 04:15
  • Wow... is that a workaround or an official workflow? – Kokodoko Nov 19 '15 at 14:55