@Ershad Nozari Thanks for your offline discussion. The product team has investigated it further and as per initial investigation "Microsoft Defender for Cloud Apps" creates a Proxy that intercepts all requests going out of Azure portal. It looks like MCAS proxy is either removing or modifying headers from the outgoing request thus causing this behavior.
We can see the request the portal domain as portal.azure.com.mcas.ms in your case. For your reference sharing this document from defender cloud apps end.
Unfortunately, as of now we don't have any ETA for the fix as this is further investigated. I will update this thread once I have any further update from my team.
As the workaround you can check the Bypass CORS proxy
option or pass the subscription key as the query string from the azure portal.
-----------------------------------------
@Ershad Nozari Thanks for reaching out. As per the error message the issue is not related to CORS, but the subscription key is not correctly passed when you are calling your APIM API's.
For CORS troubleshooting you can always refer to this document.
Access denied due to missing subscription key. Make sure to include subscription key when making requests to an API.
In case if the issue would be caused due to CORS when you are testing from developer portal: https://<<yourapiminstancename>>.developer.azure-api.net/ then CORS error will be as below.
Unable to complete the request
Since the browser initiates the request, it requires Cross-Origin Resource Sharing (CORS) enabled on the server. Learn more
**Error when CORS Policy is missing: **
**Error when CORS Policy was added but the Subscription Keys is missing from header: ** Same error that you have observed
If your API has enabled the Required Subscription Key
then you need to pass the Ocp-Apim-Subscription-Key
as the header and subscription key as the value to resolve the issue.
In case if you still observe the issue then I will suggest you to enable the OCP APIM trace to debug your API. In case if you need any help with reviewing the trace then please let me know and I will initiate a private comment so you can share the details.
Feel free to get back to me if you need any assistance.