Bug ID 420977: Improved the system's placement of ASM JavaScript code.

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.2.1, 11.3.0, 11.4.0

Fixed In:
11.5.0, 11.4.0 HF3, 11.3.0 HF8

Opened: May 11, 2013

Severity: 3-Major


If you have pages where browser compatibility is maintained via the use of the '<meta http-equiv="X-UA-Compatible" content="IE=8" />' tag, the CSRF script could be injected into the wrong place.


CSRF script gets inserted after the first meta tag, not after the X-UA-Compatible meta tag. This can cause certain versions of Microsoft Internet Explorer (IE), for example, v10, to not load the pages properly.


When you enable CSRF protection, the site does not function as expected because the CSRF javascript is injected in the page before this tag. If you have other meta tags, the injection takes place after the first meta tag that show up before the "X-UA-Compatible" one.


This issue has no workaround at this time.

Fix Information

This version has improved the system's placement of ASM JavaScript code.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips