Hello, I’m a web craftsman with a passion for the modern web. I build web applications and play with social services and communities.

June 19, 2009 at 6:23 pm

Recently I created a Flash-based file uploader for a website that was behind a HTTP Basic Auth.

Javascript calls flash for the file upload handling but Flash doesn’t know any browser cookies or any basic auth information. So the flash script always fails to upload the files since it can’t log into the basic auth area.

So I was looking for a workaround for this problem and came across a simple solution. You have to exclude the server-side script (async-upload.php in this example) that receives the uploads from Flash from the Basic Auth. To do so you can add the following lines to the .htaccess file in the same directory as the server-side script.

# Exclude the file upload script from authentication
<FilesMatch "(async-upload\.php)$">
Satisfy Any
Order allow,deny
Allow from all
Deny from none
</FilesMatch>

Hope this will help someone.