What sort of Application is this exactly? (SPA, Desktop app, mobile app?) Either way, this certainly sounds like what other mentioned, likely at an issue with:* CORS* Referrer Filter* CSRF Token CORS seems like the most likely suspect. Can you log the response headers from your app?