Bug ID 560601: HTML5 File API and MediaSource URLs are blocked in Portal Access

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6

Fixed In:
13.0.0

Opened: Dec 02, 2015
Severity: 3-Major

Symptoms

Web Application is not working and a message similar to following is logged to the developer tools console in the browser: "Refused to load media from 'blob:https://...' because it violates the following Content Security Policy directive: ..."

Impact

Applications with usage of HTML5 File API could stop working when accessed via APM Portal Access.

Conditions

This occurs on web applications that are using the HTML5 file API

Workaround

when HTTP_RESPONSE_RELEASE { if { [HTTP::header exists Content-Security-Policy] } { HTTP::header replace Content-Security-Policy \ [string map {"data:" "data: blob: mediasource: mediastream:"} [HTTP::header Content-Security-Policy]] } }

Fix Information

blob: and mediasource: URL schemes are now allowed on pages accessed through APM Portal Access.

Behavior Change