403 errors after upgrading to 11.1.4 with Cookie Authentication

Just to be clear, this only happens on a single page? Are there multiple tabs/windows open, and was one of them potentially logged out during this? Would it be possible to share an HTTP trace and any JavaScript errors?

Sorry, it happens on all the pages that make a call to the  - api.ashx/v2/notifications.json  .  The 403 error only occurs on the call to api.ashx.  It breaks most pages.  Nothing is logged in the exceptions table.   Popup errors are displayed on the page.

Would it be possible to include any JavaScript errors and an HTTP trace? Also, can you try running this in the browser console? It's a simple REST request that should just return the current user's user object in the console. I'm trying to verify if any REST requests from the UI are being authenticated.

jQuery.telligent.evolution.get({
	url: jQuery.telligent.evolution.site.getBaseUrl() + 'api.ashx/v2/users/{id}.json',
	data: { id: jQuery.telligent.evolution.user.accessing.id },
	success: function(response) { 
		console.log(response.User);
	}
});

Would it be possible to include any JavaScript errors and an HTTP trace? Also, can you try running this in the browser console? It's a simple REST request that should just return the current user's user object in the console. I'm trying to verify if any REST requests from the UI are being authenticated.

jQuery.telligent.evolution.get({
	url: jQuery.telligent.evolution.site.getBaseUrl() + 'api.ashx/v2/users/{id}.json',
	data: { id: jQuery.telligent.evolution.user.accessing.id },
	success: function(response) { 
		console.log(response.User);
	}
});

I'm not seeing any Javascript errors.  See below, the script resulted in 403.  I'm logged as administrator.

VM333:1 GET sitefaqdn/.../2102.json 403
send @ jquery.min.js:2
ajax @ jquery.min.js:2
jQuery.ajax @ jquery.migrate.js:228
a @ telligent.evolution.min.js:360
k @ telligent.evolution.min.js:365
get @ telligent.evolution.min.js:366
(anonymous) @ VM333:1

So this verifies that no REST requests from the UI are being authenticated, not just the one to /notifications.json, which happens to be common. Can you share an HTTP/Fiddler trace?

Thank you, I've reviewed the trace, and it seems neither the Authorization-Code nor Rest-Authorization-Code headers are being included on REST requests from the UI. This isn't a known issue. Do you have any customizations overriding jQuery.ajax or setting options through jQuery.ajaxSetup()? It may be useful to escalate this to support for closer review.

No, we are not doing anything with jquery.ajax.  This started with upgrading to 11.1.4.  I have opened a support case.

This was caused by httpOnlyCookies setting set to True in the Configuration Editor in IIS