Hello,
Yes, this is because you are using different domains for the requested resource and the redirect URI resource.
You can create a custom WAF rule to allow requests for your specific use case while keeping the default rule enabled.
Here's how to create a custom WAF rule in the Azure portal:
- Go to the Azure portal and navigate to your Web Application Firewall (WAF) policy.
- In the "Settings" section, click on "Custom Rules."
- Click on "Add" to create a new custom rule.
- Give your rule a name and a description.
- Set the "Rule type" to "Match."
- In the "Match variables" section, select "RequestUri" as the variable and set the "Operator" to "Contains." Then, add the specific domain or pattern that you want to allow.
- Set the "Action" to "Allow."
- Click on "Add" to save the custom rule.
If this answer helped, please mark it as accepted so others can find this topic.
Regards
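
A scope check for the rule described in the steps above, as an added example that is not part of the original answer: it models the "Contains" operator as a plain case-sensitive substring test (an assumption about the match semantics) and reports which constructed sample URIs the Allow rule would cover beyond the intended redirect value. The domain `login.partner.example`, the `redirect_uri` parameter name and all function names are hypothetical.

```python
from urllib.parse import urlsplit, parse_qsl

# Hypothetical rule mirroring the portal fields from the steps above.
RULE = {"variable": "RequestUri", "operator": "Contains",
        "value": "login.partner.example", "action": "Allow"}

# Constructed sample request URIs (not taken from any real log).
SAMPLES = [
    "/authorize?client_id=app1&redirect_uri=https%3A%2F%2Flogin.partner.example%2Fcallback",
    "/search?q=login.partner.example",
    "/authorize?redirect_uri=https%3A%2F%2Flogin.partner.example.other.test%2Fcb",
    "/authorize?redirect_uri=https%3A%2F%2Fother.test%2Fcb",
]


def contains_match(rule, request_uri):
    """Assumption: 'Contains' is a case-sensitive substring test on the URI."""
    return rule["value"] in request_uri


def classify(rule, request_uri, param="redirect_uri"):
    """Return 'no-match', 'intended' or 'broad' for one request URI.

    'intended' means the value is exactly the host of the redirect parameter;
    'broad' means the rule matches although that is not the case.
    """
    if not contains_match(rule, request_uri):
        return "no-match"
    query = urlsplit(request_uri).query
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key == param and urlsplit(value).hostname == rule["value"]:
            return "intended"
    return "broad"


def audit(rule, uris):
    """Map each URI to its classification so the rule's reach can be reviewed."""
    return {uri: classify(rule, uri) for uri in uris}


if __name__ == "__main__":
    for uri, verdict in audit(RULE, SAMPLES).items():
        print(f"{verdict:9} {uri}")
```

URIs reported as `broad` also satisfy the rule, so under this model they would receive the same Allow action as the intended request.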