HTTPS + IE7 + CrossDomain weirdness
While doing a project at LBi Lost Boys (place where i work) I encountered some super weird bug/feature when requesting data over HTTPS from an insecure domain. Here is the situation: We have a swf hosted on Domain A, which uses vanilla HTTP and we request data from Domain B over HTTPS. First thing we did is place an crossdomain policy file on Domain B. It looks like this:
The ‘secure=false’ should make the communication between HTTP and HTTPS possible as described here. So that took care of that. Now the rest. We discovered the bug and though that buttons were not working in IE7/IE8. Then we figured out the button was working but the request was not being send 
We used standard code for making a request:
var variables : URLVariables = new URLVariables();
variables.someVar = someValue;
var request : URLRequest = new URLRequest( "REQUEST TO HTTPS SERVER" );
var loader : URLLoader = new URLLoader();
loader.dataFormat = URLLoaderDataFormat.TEXT;
request.data = variables;
request.method = URLRequestMethod.POST;
loader.addEventListener(Event.COMPLETE, handleRequestLoaded);
loader.addEventListener(IOErrorEvent.IO_ERROR, handleIOError);
loader.load(request);
try {
trace(request.url + " - " + variables.toString() + " - " + request.method);
loader.load(request);
} catch (e : Error) {
//trace(e);
}
What did we do to fix it?
Turns out that IE7/IE8 just fails silently when you do a request from HTTP to HTTPS, it just blocks the request, it does not even check for a crossdomain file on Domain B. (I checked this with Charles and Fiddler)
After reading several posts on the internets, i discovered that we needed to set the header of the PHP file. After doing this, it fixed the problem.
PHP Code:
header('Cache-Control: cache, must-revalidate');
header('Pragma: public');
And now it all works (The machine serving the PHP was running version 5.2.12.)
PDF 
