Battlenet-Namespace header blocked by CORS?

Hi community,

I am trying to use the WoW game data API, but I am running into CORS issues.

I make a request to fetch a list of realms via https://eu.api.blizzard.com/data/wow/realm/index. To specify the namespace, I opted for the Battlenet-Namespace header as documented at https://develop.battle.net/documentation/guides/game-data-apis-wow-namespaces (at the very bottom).

However, the browser reports that the API request was blocked due to the token battlenet-namespace missing in the CORS header Access-Control-Allow-Headers from the CORS preflight channel. I looked at the preflight response and it indeed does not contain this header:

access-control-allow-headers: if-none-match,gateway-operation,accept-language,data-channel-event-id,accept,authorization,if-modified-since,x-requested-by,if-unmodified-since,x-requested-with,content-type,if-match,content-language

If I understand this correctly, the Blizzard API would need to allow the namespace header explicitely in order for my request to work. Am I missing something here? Is the header not supported any more?

Thanks & cheers!

1 Like

If you send a wrong namespace header it gives you a 403 response not related to CORS.

In this case I think is is just the CORS policy in place, you are not supposed to call the API directly from the browser as it would expose your client credentials to the end user which is completely against the ToS.

1 Like

Ah that makes sense. Currently I am writing the app mostly to play around, so a potential user needs to specify his/her own API key to use it. If I ever want to host it on a server, I would have to split it up anyway. Thanks!