Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
12.1.2, 12.1.3, 12.1.3.1
Fixed In:
14.0.0, 12.1.3.2
Opened: Jan 03, 2018 Severity: 5-Cosmetic
When debugging a mobile device with ASM Device ID enabled, the Google Chrome browser console log contains JavaScript errors similar to the following: net::ERR_UNKNOWN_URL_SCHEME. Note: In order to view the Chrome browser console log, you must use BrowserStack from a developer's console, or physically connect the phone by cable, enable 'usb debug', enable 'device discovery' on Chrome on the desktop, and view the console from there.
Mobile device app developers might be concerned about the errors, potentially asking about why the ASM JavaScript code attempts to access UNKNOWN_URL_SCHEME in a mobile device. The errors occur because Device ID enabled on an ASM policy uses the JavaScript request URI argument 'chrome-extension' to detect the existence of malicious browser extension. However, Chrome on Android/iOS does not support 'chrome-extension'.
-- ASM policy is attached on a virtual server with deviceID enabled. -- Device ID collection request has been sent from a mobile device. -- Chrome browser console log is opened.
Disable Device ID in ASM policy.
The system now avoids checking Chrome extensions on mobile devices, so no UNKNOWN_URL_SCHEME errors occur.