question

Best Answer
Brendan Vanous said on Tue, 07 April 2015 at 3:21 PM

Hi again,

This should now be fixed - we've updated our CORS headers to account for this. Please do let us know if you're still seeing any issues.

Brendan

---

5 Comments
Brendan Vanous said on Sun, 05 April 2015 at 10:39 PM

There's effectively no difference, as under the covers our code accepts both X-Authentication and X-Authorization. However, I'd recommend using X-Authentication, since that's what our docs cover (and so that one is guaranteed to remain the same). Looking at the service code, I do see where it can return the string you called out. Thanks for mentioning this, I'll get it corrected so that it's not confusing.

Brendan

---

jonnybee12345 said on Mon, 06 April 2015 at 12:39 AM

Thanks Brendan,

Sadly on Chrome <and maybe other browsers> if the request header isn't found in the responses allow-headers the XMLHttpRequest will fail with header not allowed message. ( this is how I discovered the mismatch in first place :).

---

Brendan Vanous said on Mon, 06 April 2015 at 12:50 AM

Ah, a good point - thanks. I'll bring this up with the engineering team tomorrow.

---

Brendan Vanous said on Tue, 07 April 2015 at 3:21 PM

Hi again,

This should now be fixed - we've updated our CORS headers to account for this. Please do let us know if you're still seeing any issues.

Brendan

---

jonnybee12345 said on Wed, 08 April 2015 at 2:32 AM

Perfect, Thanks Brendan, I'll let you know if I see any issues.