Thursday, October 2, 2008

Flash HTTP Client Limitations

Flash currently has no legitimate HTTP client when running within a browser. If your Flash browser application needs to integrate with a REST service, you may find your self having to write a bunch of extra code to work around Flash's limitations. Your two options when using the Flash APIs are flash.net.URLLoader and mx.rpc.http.HTTPService. HTTPService actually uses URLLoader internally, so any URLLoader limitations are passed along to HTTPService. URLLoader's largest limitation is its inability to send any request with an HTTP method other than GET or POST. Note that these aren't the only limitations - there are many others, as well as some interesting quirks.

When confronted with these limitations, I considered the following workarounds:
  • FDS Server Proxy - This would require every HTTP request to hit the FDS server, followed by the target REST service.
  • Homegrown Server Proxy - This essentially would be a free alternative to FDS. The actual HTTP request sent by the client would have to have to be wrapped in an HTTP POST, and the POST would include information about the actual HTTP method desired. The legitimate HTTP Client on the server-side would then send the actual HTTP request with the appropriate method to the REST service.
  • Flash Socket API - This seemed like it had potential, however I had the added restriction of HTTPS communication with the REST service. Some third-party libraries such as as3crypto exist which have limited TLS 1.0 support, but the code was very new at the time, and I probably would have ended up writing a lot of HTTP client code.
  • Browser's native HTTP Client via XML HTTP Request + flash.external.ExternalInterface - Basically flash calls out to a javascript method which sends the actual HTTP request. The javascript function then calls back to flash when it receives the response. This is the option that seemed the least like a hack, and required the least amount of work. It's working rather nicely so far.