flash.media.Sound not sending HTTP request headers

Question

I am using Flex 3 (ActionScript 3.0). I use the HTTP progressive download to play sound files. I want to secure the sound files, by only serving them when the request comes from my flex app. I chose the simplest solution of adding a HTTP header to each request send from the app. But flash.media.Sound object ignores the headers set in flash.net.URLRequest. Here's an example,

URLRequest sndFile = new URLRequest("http://blah.com/media/load_sound.php");
sndFile.requestHeaders = new Array(new URLRequestHeader("req-orgin", "myflexapp"));
Sound snd = new Sound(sndFile);
snd.play();

The value of req-origin comes as null in load_sound.php. When i inspect the request using Firebug, the request headers to http://blah.com/media/load_sound.php doesn't contain the header.

Does anybody know why the header is ignored? Is there any other way to identify that the request came from my flex app?

Thanks

Answer 1

The Flash player has really restricted header support for security reasons. I believe custom headers are only support on POST requests. There are all kinds of restrictions.

You can see additional info here: http://kb2.adobe.com/cps/403/kb403030.html

And here: http://livedocs.adobe.com/flash/9.0/ActionScriptLangRefV3/flash/net/URLRequestHeader.html

A cross domain policy file should solve any issues though, look here:

http://kb2.adobe.com/cps/403/kb403184.html

Goodluck! (You might need it)