Forum Discussion
ASM- CSRF protection.
Dears,
We are encountering an issue with CSRF protection after upgrading to version 13.0.0 HF3, noting that we didn't have the issue in version 12.1.2.
The CSRF protection is breaking a youtube video (It is embedded in the HTML by iframe and Java scripts), As far as i know that the system only examines URLs that you add to the URL List. The system performs as though all other URLs are safe and does not examine them, in my case i am not specifying any URLs in the list but unfortunately the CSRF protection breaking some of the URLs.
I am wondering if there are any changes of the CSRF protection behavior in version 13.0.0 HF3 ?
Regards, Muhannad
- natheCirrocumulus
I'm not aware of any known change in behaviour and according to the askf5 solution article. Did you say you haven't configured any URLs? I understand you do need to. Perhaps v13 enforces this more fully than v12.
I would also check the release notes of v13 and, specifically, the known issues section. Search for csrf and see if v13 has introduced a bug perhaps.
N
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com