Bug ID 507390: Do not insert the CSRF token into links to JavaScript

Last Modified: Mar 17, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3,,,,, 11.6.4, 11.6.5,,,

Fixed In:

Opened: Feb 17, 2015
Severity: 3-Major


Application functionality is broken on some links.


Application is broken, some links ot JavaScript don't work


CSRF is enabled on the policy and a URL on which CSRF is enabled gets a broken link to JavaScript.



Fix Information

We now check the links before inserting the CSRF token. We do not put the token on links to JavaScripts.

Behavior Change