jonnybee12345
started a topic on Sun, 05 April 2015 at 2:13 AM
Can someone explain the difference between X-Athentication and X-Authorization request headers?
I'm working on a facebook canvas application and using ajax to handle the playfab requests.
It seems on making a post request I get the following header response
Access-Control-Allow-Headers:
content-type, X-Authorization, X-PlayFabSDK, X-ReportErrorAsSuccess
As you can see, no X-Authentication.
However everything works correctly when I use X-Authorization to send my session ticket.
Answer by Brendan · Oct 05, 2015 at 12:39 AM
Best Answer
Brendan Vanous said on Tue, 07 April 2015 at 3:21 PM
Hi again,
This should now be fixed - we've updated our CORS headers to account for this. Please do let us know if you're still seeing any issues.
Brendan
5 Comments
Brendan Vanous said on Sun, 05 April 2015 at 10:39 PM
There's effectively no difference, as under the covers our code accepts both X-Authentication and X-Authorization. However, I'd recommend using X-Authentication, since that's what our docs cover (and so that one is guaranteed to remain the same). Looking at the service code, I do see where it can return the string you called out. Thanks for mentioning this, I'll get it corrected so that it's not confusing.
Brendan
jonnybee12345 said on Mon, 06 April 2015 at 12:39 AM
Thanks Brendan,
Sadly on Chrome <and maybe other browsers> if the request header isn't found in the responses allow-headers the XMLHttpRequest will fail with header not allowed message. ( this is how I discovered the mismatch in first place :).
Brendan Vanous said on Mon, 06 April 2015 at 12:50 AM
Ah, a good point - thanks. I'll bring this up with the engineering team tomorrow.
Brendan Vanous said on Tue, 07 April 2015 at 3:21 PM
Hi again,
This should now be fixed - we've updated our CORS headers to account for this. Please do let us know if you're still seeing any issues.
Brendan
jonnybee12345 said on Wed, 08 April 2015 at 2:32 AM
Perfect, Thanks Brendan, I'll let you know if I see any issues.