Use Case - We have a shell IOS app and they content for the app comes from AEM Content Sync. We are introducing couple of forms to be submitted via App, these forms will POST data to a servlet on AEM Publish instance. The POST data contains fields outside the form data, coming form IOS application settings/configurations.
Issue - Sling Referrer Filter blocks the POST from the IOS app.
Setting the referrer header in your JS code would be a security issue, so it is not permitted by the browser (or in this case, Cordova container).
You can bypass the Referrer Filter by overriding your app's user agent with a value that does not contain "Mozilla" or "Opera", in effect indicating that these requests are not coming from a browser. Place the following line in your app's config.xml, replacing "Custom User Agent String" with the value you would like to use:
<preference name="OverrideUserAgent" value="Custom User Agent String" />