I have an Azure App Service with a mandatory Authentication based on the Azure Active Directory. It is serving an API server and a webapp calling the server.
All the GET work perfectly, however the POST all get rejected with
403 Forbidden
.
The Cookies are properly set to pass the authentication check.
Oddly enough, when I replayed the POST with Postman, they succeeded. I could narrow down the difference that lead to rejection:
Whenever the
User-Agent
header isMozilla/5.0
Why is there such a mechanism in Azure ? How to deactivate it ?
After digging in the suggestion, I could verify that it was not a CORS issue neither precisely a User-Agent to change.
Actually Chrome browser does not support User-Agent update as of 2022-06-06, so this option cannot be chosen.
The solution idea came from https://github.com/Azure/azure-functions-host/issues/1602#issuecomment-309532954
And to focus on the fix, in App Service
/ Authentication
:
https://{name}.azurewebsites.net
After this, POST requests worked.