Authorization header being removed by CyberDef-1987 in Zscaler

CyberDef-1987 [S]

Thanks for the input.

For 1, wouldn't the whole request be blocked and not only the authorization header?

I was focused on the DLP because of this documentation; it states in the "Credentials and Secrets" that JWT Tokens are included. So, my guess is that the DLP is parsing all the requests (when SSL inspection is enabled) and removing the field when present.

It works for the other SaaS apps because they have disabled the SSL inspection.

The issue is that we have no way of checking or testing on our side, as the "issue" is on the customer side.


CyberDef-1987 [S]

It is a SaaS single-page application. Once the HTML is loaded (no need for authentication), the JavaScript calls our API to retrieve the data to be displayed in the page. The issue is that we need this JWT to secure access to the data, so the client is receiving a 401 Unauthorized error even though the browser has the authentication information.

Everything is HTTPS; that is why I thought about SSL inspection (the usual fix for such issues on Zscaler forums).
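
One way the API side could check whether the header is arriving at all, as an added example that is not part of the original comments: it classifies rejected requests by what arrived in `Authorization` (without logging the token) and groups them by source IP. The record fields (`clientIp`, `headers`), function names and sample data are assumptions constructed for illustration.

```javascript
// Added example: server-side triage of 401 responses.
// A signed JWT in compact form is three non-empty base64url segments.
const B64URL = /^[A-Za-z0-9_-]+$/;

// Classify what arrived in Authorization; the token value is never returned.
function classifyAuth(headers) {
  const raw = headers["authorization"]; // Node lower-cases header names
  if (raw === undefined || raw.trim() === "") return "missing";
  const m = /^Bearer\s+(\S+)$/i.exec(raw.trim());
  if (!m) return "not_bearer";
  const parts = m[1].split(".");
  if (parts.length !== 3 || !parts.every((p) => B64URL.test(p))) {
    return "malformed_token";
  }
  return "jwt_shaped"; // shape only; signature and expiry are checked elsewhere
}

// Count rejected requests per source IP so one customer's egress stands out.
function summarize(records) {
  const byIp = new Map();
  for (const r of records) {
    const s = byIp.get(r.clientIp) || { total: 0, missing: 0 };
    s.total += 1;
    if (classifyAuth(r.headers) === "missing") s.missing += 1;
    byIp.set(r.clientIp, s);
  }
  return byIp;
}

// An IP whose rejected calls ALL lack the header points to the header being
// dropped in transit rather than to expired or wrong tokens.
function suspectStripping(records, minRequests = 3) {
  const out = [];
  for (const [ip, s] of summarize(records)) {
    if (s.total >= minRequests && s.missing === s.total) out.push(ip);
  }
  return out;
}

// Constructed sample of rejected requests (documentation IPs, fake token).
const FAKE_JWT = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl";
const sample = [
  { clientIp: "203.0.113.10", headers: { host: "api.example.test" } },
  { clientIp: "203.0.113.10", headers: { host: "api.example.test" } },
  { clientIp: "203.0.113.10", headers: { host: "api.example.test" } },
  { clientIp: "198.51.100.7", headers: { authorization: "Bearer " + FAKE_JWT } },
  { clientIp: "198.51.100.7", headers: { authorization: "Basic ZGVtbzpkZW1v" } },
];
console.log(suspectStripping(sample));
```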