Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1
Fixed In:
14.1.0, 13.1.1.4
Opened: May 08, 2018 Severity: 3-Major
Portal Access may reject response to same-origin AJAX request if host names in request and its origin differ in case.
Web application may not work correctly.
Same-origin AJAX request with a host name whose case differs from the case of the origin page's host name, for example: Request page: https://example.com/some/file Page with URL: https://Example.com/origin/page.html
Use an iRule to remove 'F5_origin' parameter from the AJAX requests, for example: when HTTP_REQUEST { if { [ HTTP::path ] contains "/iNotes/Forms9.nsf/iNotes/Proxy/" and [ HTTP::query ] contains "F5_origin=" } { regsub {F5_origin=[0-9a-f]+&F5CH=I} [ HTTP::query ] {F5CH=I} query HTTP::query $query } }
Now Portal Access handles same-origin AJAX requests correctly when host name case differs from the host name of origin page.