Make sure all SOAP API calls set the custom X-Session-Token header. This change is necessary to ensure consistent and secure authentication when the SDK is used in the context of a browser (where cookies can be blocked) with future server-side changes.
Related Issue
Third-party cookies are blocked by browsers, which means SOAP call authentication relies on the session token passed in the SOAP payload. Unfortunately, this requires an ACC security zone with the sessionTokenOnly flag set, which is not a secure configuration. Instead, we pass the session token as an HTTP header, and future builds of the server will be able to handle it in secure security zones.
Motivation and Context
Ensure secure access by default
How Has This Been Tested?
Unit tests
Types of changes
[ ] Bug fix (non-breaking change which fixes an issue)
[x] New feature (non-breaking change which adds functionality)
[ ] Breaking change (fix or feature that would cause existing functionality to change)