Bug ID 747136: CSRF fires Javascript error in IE7 or IE11 Compatibility View to IE7

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1

Fixed In:
15.0.0

Opened: Oct 18, 2018

Severity: 3-Major

Symptoms

When csrf enabled in asm policy, it fires javascript errors in IE7

Impact

csrf doesn't work in IE7, POST requests being sent from IE7 will be blocked.

Conditions

- ASM provisioned - ASM policy attached to a virtual - ASM csrf protection configured - An HTML page accessed via IE7 or IE11 Compatibility View to IE7

Workaround

Disable CSRF protection in asm policy

Fix Information

csrf code is fixed and now have basic support for IE7

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips