[x] bug report -> please search issues before submitting
[ ] documentation issue or request
[ ] regression (a behavior that used to work and stopped in a new release)
Issue description
When protecting a container app with the built-in authentication options using AAD auth and sending requests to my container app with a generative "User-Agent" header such as "Angular", other than the browser-specific one, e.g. "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36", the app returns a 401 response, even when I configured the app to redirect to the login page. Which is awesome when combining UI and API deployments, but the problem is that the "User-Agent" header for AJAX calls can't be changed and is browser protected.
Since all GET requests from a browser using the normal navigator send no "Accept" header, this header could be used to determine whether an AJAX request is retrieving protected routes.
Steps to reproduce
1. Create a container app and add AAD authentication, make sure that redirect to authentication page is enabled
2. Call the app from your browser (You will be redirected)
3. Call the app from e.g. Postman and change the "User-Agent" header to anything other than browser specific ones (App will return 401)
4. Call the app from e.g. Postman and add "Accept: application/json" (App will show redirect page again)
Expected behavior [What you expected to happen.]
Call the app from e.g. Postman and add "Accept: application/json" (App should return 401 since this request will not come from a user directly)
Actual behavior [What actually happened.]
See above
Screenshots
Additional context
Ex. Did this issue occur in the CLI or the Portal: No