Bug ID 756437: ASM XMLHTTPRequest wrapper attempts to access responseText for non text respnseType

Last Modified: Sep 14, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,,,,, 13.1.4,, 13.1.5,, 14.0.0,,,,,, 14.0.1,, 14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4,,,,,,, 14.1.5,,,,,

Fixed In:

Opened: Jan 24, 2019

Severity: 4-Minor


A website that uses non-text values for XMLHTTPRequest.responseType experiences issues, and JavaScript errors are shown in the browser console. Failed to read the 'responseText' property from 'XMLHttpRequest': The value is only accessible if the object's 'responseType' is '' or 'text' (was 'blob').


End-user experience might be affected; website functionality might malfunction.


This occurs under either set of conditions: 1. -- ASM provisioned. -- ASM policy attached to a virtual server. -- AJAX blocking page enabled in the ASM policy. 2. -- Bot Defense or DoS Application profile attached to a virtual server. -- Single page application enabled in the Bot Defense or DoS Application profile.


For Conditions set 1: Disable AJAX blocking page. For Conditions set 2: Disable Single page application.

Fix Information

ASM XMLHTTPRequest wrapper now avoid illegal access to XMLHTTPRequest.responseText.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips