I created a post at Playfab’s forum (my third party hosted API). You can find the link to the post here:
https://community.playfab.com/questions/17575/ue4-cors-w-playfab-login.html
To quote their response:
What’s interesting is that their
answer to this
(HTML5 CORS Issue to my Hosts API / Hosted Server - Platform & Builds - Epic Developer Community Forums)
is to add
“Access-Control-Allow-Origin: *” to
our response headers. But that’s
already in our headers - see the file
you posted, above.The issue that’s being thrown by the
preflight in your game’s code is that
pragma isn’t an allowed header. Which
isn’t surprising -
x-unrealengine-agent isn’t an allowed
header, either (neither of those are
applicable to any calls to PlayFab).
So basically, even though those
headers shouldn’t be in any call you
make to PlayFab, it sounds like the
preflight logic in UE is checking for
compatibility and rejecting the call.
If you remove the pragma header from
the call, you should be able to get
past this.
Please let me know if there is a way to manually remove the ‘pragma’ and ‘x-unrealengine-agent’ header or, if necessary, open a bug report.