Bug ID 756437: ASM XMLHTTPRequest wrapper attempts to access responseText for non text respnseType

Last Modified: Jan 20, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3

Fixed In:
15.0.0

Opened: Jan 24, 2019
Severity: 4-Minor

Symptoms

A website that uses non-text values for XMLHTTPRequest.responseType experiences issues, and JavaScript errors are shown in the browser console. Failed to read the 'responseText' property from 'XMLHttpRequest': The value is only accessible if the object's 'responseType' is '' or 'text' (was 'blob').

Impact

End-user experience might be affected; website functionality might malfunction.

Conditions

This occurs under either set of conditions: 1. -- ASM provisioned. -- ASM policy attached to a virtual server. -- AJAX blocking page enabled in the ASM policy. 2. -- Bot Defense or DoS Application profile attached to a virtual server. -- Single page application enabled in the Bot Defense or DoS Application profile.

Workaround

For Conditions set 1: Disable AJAX blocking page. For Conditions set 2: Disable Single page application.

Fix Information

ASM XMLHTTPRequest wrapper now avoid illegal access to XMLHTTPRequest.responseText.

Behavior Change