One of our development teams is adding a new OAUTH token feature to an application. Sending the JSON call with the Authorization header creates an error within F5_ASM (ver 15.13):
HTTP Validation Unparsable request content
Details Unparsable authorization header value
I also see that the Authorization header's data is masked, though there's no settings for the Authorization header in the policy. What are my best options for troubleshooting this issue?
It's not immediately clear to us whether we have the option to do the first option (disable the Unparsable request content violation) for specific policies because of how the impact sentence is phrased. Does that option cover specific policies or all policies behind F5_ASM?
Similarly with the second option, 'ignore_authorization_header_decode_failure' -- does that option cover specific policies or all policies behind F5_ASM?