HTTPS only without redirect
This feature has been requested multiple times (like here: https://feedback.azure.com/forums/169385-web-apps/suggestions/6868536-provide-require-ssl-setting-for-azure-websites), but has been closed time after time with the same workaround. The workaround consists of adding a redirect rule to web.config.
We however want a way to disable insecure HTTP requests completely.
Think of an API that gets called by a React or Angular app. Calling the HTTP endpoint of the API would be a bug and might lead to sensitive information like the access token being send over HTTP. It would appear to work, because the request gets redirected to HTTPS, so the bug would be harder to track.
So please don't close this request with the same workaround, because it's not a workaround for this particular request. :)
We are working on this feature and will provide updates soon.