Bug ID 507390: Do not insert the CSRF token into links to JavaScript

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.6.0, 11.6.1, 11.6.2, 11.6.3,,,,, 11.6.4, 11.6.5,,,, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:

Opened: Feb 17, 2015

Severity: 3-Major


Application functionality is broken on some links.


Application is broken, some links ot JavaScript don't work


CSRF is enabled on the policy and a URL on which CSRF is enabled gets a broken link to JavaScript.



Fix Information

We now check the links before inserting the CSRF token. We do not put the token on links to JavaScripts.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips