If you mean the extra headers that we can inject in each API request, then I'm afraid it's not possible to get them in CloudScript.
In CloudScript, args parameter is an object representation of the FunctionParameter field of an ExecuteCloudscript request. context parameter is additional information about the request when it is triggered by a PlayStream event action, including the data from the event that triggered the action (context.playStreamEvent) and the profile data for the player associated with it. (context.playerProfile). For more info, please see https://api.playfab.com/docs/tutorials/landing-automation/writing-custom-cloud-script. Extraheaders is added to support double encrypted logins. You should not need this in CloudScript. To pass something to CloudScript, usually you should set FunctionParameter/Arguments and then retrieve with args.
If you have any special requirement, please feel free to let us know.
My concern is for security purpose if i have client token then i can easily access cloud script and client token can be easily taken from just api request.
You are correct, a valid sessionTicket gives a client the ability to execute Cloud Script. You would need to determine what the right level of verification to perform in your Cloud Script functions is. If you'd like to pass in encrypted data which you then decrypt to prove an identity, you can. It's a very flexible system, but that flexible does create opportunities for security holes if you're not careful.
Also, we do plan to support proper session tokens at some point. This should help to reduce the vulnerability of the sessionTickets of today.
So is there way to read extra headers in cloud scripts ?
Other options like encryption may be cracked if user know algoritham
4 People are following this question.
