I have an Azure App Service with a mandatory Authentication based on the Azure Active Directory. It is serving an API server and a webapp calling the server.
All the GET work perfectly, however the POST all get rejected with
403 Forbidden
.
The Cookies are properly set to pass the authentication check.
Oddly enough, when I replayed the POST with Postman, they succeeded. I could narrow down the difference that lead to rejection:
Whenever the
User-Agent
header isMozilla/5.0
Why is there such a mechanism in Azure ? How to deactivate it ?
CodePudding user response:
After digging in the suggestion, I could verify that is was not a CORS issue neither precisely a User-Agent to change.
Actually Chrome browser does not support User-Agent update as of 2022-06-06, so this option cannot be chosen.
After this, POST requests worked.