Bug ID 719079: Portal Access: same-origin AJAX request may fail under some conditions.

Last Modified: Sep 06, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1

Fixed In:
14.1.0, 13.1.1.4

Opened: May 08, 2018
Severity: 3-Major

Symptoms

Portal Access may reject response to same-origin AJAX request if host names in request and its origin differ in case.

Impact

Web application may not work correctly.

Conditions

Same-origin AJAX request with a host name whose case differs from the case of the origin page's host name, for example: Request page: https://example.com/some/file Page with URL: https://Example.com/origin/page.html

Workaround

Use an iRule to remove 'F5_origin' parameter from the AJAX requests, for example: when HTTP_REQUEST { if { [ HTTP::path ] contains "/iNotes/Forms9.nsf/iNotes/Proxy/" and [ HTTP::query ] contains "F5_origin=" } { regsub {F5_origin=[0-9a-f]+&F5CH=I} [ HTTP::query ] {F5CH=I} query HTTP::query $query } }

Fix Information

Now Portal Access handles same-origin AJAX requests correctly when host name case differs from the host name of origin page.

Behavior Change