We get in our logs Started POST "/autodiscover/autodiscover.xml"
from the same addresses from which one of our legit users is making normal HTTP requests to our application through our client-side code. All we find on Google for that URL suffix is that it's probably used for Exchange discovery. Our code base doesn't include that string. Any idea why these POST messages may be hitting our server from a nascent client device?
Do you have a custom domain set up, pointing to your Heroku app? Could one of your users be attempting to set up Outlook with an email address that ends in your domain? From this Microsoft article:
For example, if [email protected] is entered as the user’s e-mail address, Outlook 2010 looks for the XML file in the following locations and in the following order:
https://contoso.com/autodiscover/autodiscover.xml
https://autodiscover.contoso.com/autodiscover/autodiscover.xml
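A log triage sketch for the situation in this thread, added here as an example and not part of the original question or answer: it lists the two locations quoted above for a domain and reports which client IPs sent Autodiscover POSTs, and whether the same IP also made ordinary application requests. It assumes Rails-style `Started METHOD "path" for IP at TIME` request lines; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

AUTODISCOVER_PATH = "/autodiscover/autodiscover.xml"

# Assumed Rails request-log line: Started POST "/path" for 203.0.113.7 at <time>
STARTED = re.compile(r'Started (?P<method>[A-Z]+) "(?P<path>[^"]*)" for (?P<ip>\S+) at ')


def candidate_urls(email_domain):
    """The two locations quoted above, in the order Outlook tries them."""
    return [
        f"https://{email_domain}{AUTODISCOVER_PATH}",
        f"https://autodiscover.{email_domain}{AUTODISCOVER_PATH}",
    ]


def triage(log_lines):
    """Map each IP that sent an Autodiscover POST to 'mixed' or 'autodiscover-only'."""
    counts = defaultdict(lambda: {"autodiscover": 0, "other": 0})
    for line in log_lines:
        m = STARTED.search(line)
        if not m:
            continue  # not a request line (e.g. "Processing by ...")
        # Drop any query string; compare case-insensitively since clients vary in casing.
        path = m["path"].split("?", 1)[0].lower()
        is_probe = m["method"] == "POST" and path == AUTODISCOVER_PATH
        counts[m["ip"]]["autodiscover" if is_probe else "other"] += 1
    return {
        ip: ("mixed" if c["other"] else "autodiscover-only")
        for ip, c in counts.items()
        if c["autodiscover"]
    }


# Constructed sample lines (documentation IP ranges), not taken from a real log.
SAMPLE = [
    'Started GET "/dashboard" for 203.0.113.7 at 2014-03-02 10:14:58 +0000',
    'Started POST "/autodiscover/autodiscover.xml" for 203.0.113.7 at 2014-03-02 10:15:01 +0000',
    'Processing by DashboardController#index as HTML',
    'Started POST "/Autodiscover/Autodiscover.xml" for 198.51.100.9 at 2014-03-02 10:16:40 +0000',
    'Started POST "/api/items" for 203.0.113.7 at 2014-03-02 10:17:12 +0000',
    'Started GET "/login" for 192.0.2.33 at 2014-03-02 10:18:00 +0000',
]

if __name__ == "__main__":
    print(candidate_urls("contoso.com"))
    print(triage(SAMPLE))
```

A "mixed" result matches the pattern described in the question: the same address produces both normal application traffic and Autodiscover POSTs.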