Bug ID 507390: Do not insert the CSRF token into links to JavaScript

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4

Fixed In:
12.0.0

Opened: Feb 17, 2015
Severity: 3-Major

Symptoms

Application functionality is broken on some links.

Impact

Application is broken, some links ot JavaScript don't work

Conditions

CSRF is enabled on the policy and a URL on which CSRF is enabled gets a broken link to JavaScript.

Workaround

None

Fix Information

We now check the links before inserting the CSRF token. We do not put the token on links to JavaScripts.

Behavior Change