First of all let me say that any server side support to bypass any sort of Flash security restriction is out of the question in my situation, which explains my method of setting up my swf file. I am also not developing in Flex.
I currently have my swf built using the AS3 MySpaceID SDK (http://code.google.com/p/myspaceid-as3-sdk/) provided by MySpace. I have it set up such that it's hosted on myspacecdn.com (via Edit Source), and embeded from an external html file hosted on my server. This all works - authenticating, accessing user data (getProfile(), getMood()...etc). So far so good. But when I start to fire methods such as setMood(), which the SDK sends an HTTP header with PUT, I get this following error:
Error #2044: Unhandled securityError:. text=Error #2170: Security sandbox violation: http://cache01-widget01.myspacecdn.com/1/l_6955ede2a5d36a933586b6a9d4b16c20.swf cannot send HTTP headers to http://api.myspace.com/v1/users/26946321/mood.xml?oauth_consumer_key=b1dd0506f6014dab869be836546cdd96&oauth_nonce=0CYuBuzL9R0&oauth_signature=HNh4xJAF2Ncz%2FSmykSZBT87HUMQ%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1244831367.
A little digging explains this - http://kb2.adobe.com/cps/403/kb403030.html (Was MySpace aware of these restrictions)
So as far as I know there are two ways to get this work:
1. For MySpace to add "<allow-http-request-headers-from>" tag into their crossdomain.xml to open up access for Flash HTTP headers (http://www.adobe.com/devnet/flashplayer/articles/flash_player9_security_update.html). This seems to make sense since the AS3 SDK framework is designed to leverage this approach.
2. Use ExterenalInterface to leverage Opensocial's JS api as a bridge
to by pass the security restrction, but how, since my swf container html is
else where and there is no direct access to the OpenSocial JS API files (seems that you must create a gadget to be hosted on the container platform and run the API from there)? This is just not Flash friendly.
Thanks for your help.