search cancel

Unable to upload MacOS logs to Apple Support with WSS Agent active


Article ID: 254252


Updated On:


Web Security Service - WSS


The MacOS team are unable to upload logs to Apple support.

Users can login to Apple site, select file to upload but get an upload status failed almost immediately.

No clear error message indicating why upload has failed - just that it failed.

Has been working previously and no changes made to host.

WSS Agent 8.1.1 running on the macOS host.



MacOS 12.6

WSS Agent 8.1.1


Possible issue with HTTP headers injected by WSS.


Added SSL interception bypass for

This avoided any inspection by proxy which could add HTTP headers or apply policies that could have triggered this.

Assuming that backend changes were performed on Apple side that triggered this issue.

Additional Information

Grabbed Symdiag and HAR file from workstation when the issue appears.

The HAR file is very useful in terms of events triggered during upload. The user tried to upload a file dummy2.txt … this is done through a CORS enabled webapp as we can see REST calls being made. It is these REST calls that are not working normally. From screenshot below

- Packet 99 is the initial upload of the file
- Packet 100 and 101 are repeated over and over again
   - 100 is a POST request that includes the filename, which fails to get a response – this is key. The "x-geneva-server-error" response header reports "Invalid pre-flight call. Access-Control-Request-Method required". We know from the request that the access-control-request-method included the POST method!
   - 101 looks like a CORS pre-flight request that fails to get any response back
- Packet 108 is the eventual upload error after multiple CORS pre-flight requests fail.

The PCAPs from Symdiag clearly shows the connection to was created and data was exchanged in both directions. We could also see that it was SSL inspected, thereby adding potential headers that could impact this or maybe dropping requests per policy.