We have an Angular application that makes POST requests to our backend APIs, and the application is protected with Cloudflare firewall and OWASP. Sometimes, when a user submits a form, it gives a 403 error with Cloudflare’s captcha page returned in the response body. We know that this can be fixed by setting firewall rules, but it’s not an option since it’s prohibited by our company policy.
Is there any way to send POST requests without having to complete the captcha? Can we get around this by manually setting a cf_clearance cookie in the client browser?