Dealing with AS3’s ArgumentError: Error #2096 while pushing an innocuous URLRequestHeader

I’m working on a Flex mobile application that has me parsing SIDs and Auth values from Google’s client login. You may find yourself in this situation if you need to make requests to Google’s various APIs. In my case, I’m using Google Reader, and it requires that I pass in an Authorization header with all of my URLRequests, the value of which needs to be taken from Google’s client login response. This seemed like an easy task, but I kept hitting an annoying error, which turned out to be a red herring:

ArgumentError: Error #2096: The HTTP request header GoogleLogin auth=(long string)
cannot be set via ActionScript.

This error strongly indicates that I was doing something that transgresses AIR’s security sandbox, which is simply not the case.

It turns out that I had grabbed the value of auth from Google’s response, but I had failed to notice that Google was putting a newline character on the end of the auth string. When I fixed this by stripping the newline and putting the modified String into the URLRequestHeader, the runtime had no problem with it.

Thus, if you have an error that sounds like what I’ve described, make sure you’re not trying to set the URLRequestHeader with a value that has a newline or similar character somewhere in it. You can strip it out any number of ways, including String‘s replace() function.

7 Responses to Dealing with AS3’s ArgumentError: Error #2096 while pushing an innocuous URLRequestHeader

  1. Patric Jonsson says:

    Hi Daniel, I have banged my head with the same issue you are describing. However, removing that newline character did not solve it for me, it still returns the ArgumentError.

    You´re working in a Flex project, while I´m working in Flash, creating an AIR application. I have read in several posts that the Flex framework allows this “Authorization” key word while Flash does not.

    Do you have any clues?

    Best regards
    Patric Jonsson

  2. dkoestle says:

    Hey Patric,

    If you’re working in AIR, even if it’s Flash content and not Flex, setting the “Authorization” token in a URLRequestHeader shouldn’t violate any security sandboxes. It’s only when you deploy with Flash as the runtime that you should run into these sorts of security violations.

    In my case, I found it illuminative to manually trace out that “auth” string I thought I was setting, copying it, and hardcoding it into my program. At this point I learned that AIR had no problem setting the header, so I was able to narrow it down to specific characters inside the string. (When I copied and pasted, I missed the newline character, so I stripped it out, even though I didn’t immediately realize it.)

    Do you still see the error, even if you put very simple data into the Authorization header? E.g., try entering just “1234.”

  3. Danel says:


    funny cuz i know Patric and we both work on similar project at the same time.

    my question is. is it even possible to add urlrequestheaders in air (for it to work on android as well).

    im dealing here with andoid app in air where passing requestheaders gives me an error in id 2032, that means unable to load url ?

    when commenting requestheader part in as3, it all works but i get backwrong data :S

  4. Danel says:

    Nm, solved it by setting Cookie property manually in new requestheader… 🙂

    probably received header contained set-cookie or some other property that confused requestHeaders.

  5. Fred says:

    I am doing the same project. Write service in Flex to use C2DM, 2097 Error, how do you solved the problem.

    • dkoestle says:

      In my case the URLRequestHeader contained a newline. See if you’re modifying the URLRequestHeader in any way. If not, there are many other situations that can cause this error.

  6. James Li says:

    Thank you!
    I met the same problem and solved now by your info.