question

Lorenzo Sani avatar image
Lorenzo Sani asked

Getting 'sessionticket header is not allowed' when calling ExecuteCloudScript

Hi,

I'm trying to execute a Cloud Script to reset the user's password via this REST API request. I am not using PlayFab's JavaScript SDK here as this is just a static website where the user can input a new password.

Whenever I make the ajax request below I get the error "Access to XMLHttpRequest at 'https://e206c.playfabapi.com/Client/ExecuteCloudScript' from origin 'null' has been blocked by CORS policy: Request header field sessionticket is not allowed by Access-Control-Allow-Headers in preflight response."

This is the request I send:

$.ajax({
    beforeSend: (jqXHR, settings) => {
      jqXHR.setRequestHeader("SessionTicket", data.data.SessionTicket);
    },
    type: "POST",
    url: "https://E206C.playfabapi.com/Client/ExecuteCloudScript",
    data: JSON.stringify({
      FunctionName: "resetPassword",
      FunctionParameter: {
        password: $("#password").val(),
        token: urlParams.get("token")
      }
    }),
    success: handleSuccess,
    error: handleError,
    contentType: "application/json"
  })
apisCloudScript
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
Sarah Zhang avatar image
Sarah Zhang answered

If you don’t want to use JavaScript SDK here. You can refer to the source code of the Js SDK, as the source code shows, the authKey of request header should be X-EntityToken, X-Authorization, or X-SecretKey. When you call the client API ExecuteCloudScript, the authKey of request header should be “X-Authorization”, the authValue should be the value of the session ticket.

...

jqXHR.setRequestHeader("X-Authorization", data.data.SessionTicket);

...
1 comment
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Lorenzo Sani avatar image Lorenzo Sani commented ·

Thanks Sarah, this solved it!

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.