Forum Discussion

Nimbostratus

May 30, 2014

apm sso inline javascript

Hi all, I'm trying to implement APM+SSO (form-based client-initiated) on a web-application. The form detection seems to work fine, because I can see injected Javascript in the page source on cli...

BIG-IP Access Policy Manager (APM)

security

kunjan_118660

Cumulonimbus

May 30, 2014

For Firefox, you can disable content security policy.. of course it brings down the security.

In address bar, type about:config and search for security.mixed_content.block_active_content. Double-click it and change its value to false.

Or you can try Form based SSO, instead of the client initiated Form SSO.

Philipp_Stadler

Nimbostratus

Jun 02, 2014

I already tried form based SSO, but I could catch the logon form by URI, with client-initiated form-based I did it by header field (Referrer), which worked ok. I think turning of security isn't a way to go for a public application. regards, Philipp

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

apm sso inline javascript

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

F5 rSeries || Upgrade tenant

Round-robin method not load balanced

F5 AI Roadmap

F5 object groups in AFM

F5 BGP Peering in Active /Standby Cluster

Related Content

NGINX Plus Request body Rate Limit with the NJS module and javascript

Agentic AI with Social Engineering, JavaScript Stealer and the Silent Lynx

JavaScript Supply Chains, Magecart, and F5 XC Client-Side Defense (Demo)

Javascript injecting systems effect on web application end users - a scenario review

Javascript Insert v10+

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS