-
Notifications
You must be signed in to change notification settings - Fork 654
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
POST Calls fail if Origin header isn't supplied #1806
Comments
Let us check the log. Will get back to you. |
The issue is, unlike CURL, Powershell's Invoke-RestMethod POST tries to mimics browser form-post (Content-Type: application/x-www-form-urlencoded, User-Agent: Mozilla/...). To protect against CSRF attack, we require additional headers the browser generally passes with form-post. Unfortunately, powershell Invoke-RestMethod POST does not pass those and the call is rejected. The workaround is ...
For instance, ...
|
btw, same as #1801 |
Closing since it's really a client issue. |
That error message could stand to be a bit more correct - the web app isnt stopped. For the record this also affects |
I don't see any mention of the Origin header being a requirement in POST requests so I'm assuming this is a bug.
I'm using PowerShell's
Invoke-RestMethod
to make Kudu API calls in Azure.This fails with a strange 403 error saying the site is Stopped (when it clearly isn't since GET requests go through fine).
Specifying a fake Origin makes it work,
The text was updated successfully, but these errors were encountered: