CSRF Protection makes application inaccessible from Chrome
We have enabled ASM recently. If I enable CSRF Protection, the site becomes inaccessible from Chrome but works fine from IE. When disabled, the site loads perfectly fine. I could not find any logs under 'Illegal Requests'. Please guide.
The CSRF protection inserts JavaScript. Is JavaScript enabled in the Chrome browser? Check: chrome://settings/content/javascript
If enabled, you can also open developer mode (F12) and take a look at the console. Maybe this will help you find the cause of the problem. You can also use a tool like Fiddler and make a trace when accessing the site from both IE and Chrome. Then compare those two traces.
- smalex
Altostratus
JavaScript is enabled.
- Jiri_Rosenmayer
Altostratus
Hi,
See this article:
https://support.f5.com/csp/article/K11930
When you enable the CSRF protection feature, the system inserts custom JavaScript into the response pages of protected web applications.
In my experience this is often a problem and I try to avoid using any ASM feature which inserts JS.
In your case, probably, when the ASM inserts the JS, IE can still render the page but Chrome cannot. Check where in the response the ASM inserts the JS. You can solve this either by turning off the CSRF or by updating your application so that the ASM inserts the JS at a "better" location in the HTTP response, so that even Chrome can render the page.
Hope it helps
Jiri
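
One way to act on the advice in this thread (compare the traces, then check where in the response the JS is inserted), shown as an added example that is not part of the original posts and is not F5 code. It assumes you have saved the same page body once with CSRF protection off and once with it on; the two bodies below are constructed samples, the injected script path is a placeholder, and the function names are hypothetical.

```python
import re

# Matches a whole <script>...</script> element, including inline bodies.
SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script\s*>", re.I | re.S)

def _find(pattern, html):
    m = re.search(pattern, html, re.I)
    return m.start() if m else -1

def region(html, offset):
    """Name the part of the document that contains the given offset."""
    start = _find(r"<!doctype|<html[\s>]", html)
    if start != -1 and offset < start:
        return "before-document"   # content ahead of the doctype / <html>
    end = _find(r"</html\s*>", html)
    if end != -1 and offset > end:
        return "after-document"
    for name in ("head", "body"):
        open_ = _find(rf"<{name}[\s>]", html)
        close = _find(rf"</{name}\s*>", html)
        if open_ != -1 and open_ <= offset and (close == -1 or offset < close):
            return name
    return "other"

def injected_scripts(baseline, protected):
    """Return (offset, region, snippet) for scripts only in `protected`."""
    norm = lambda s: " ".join(s.split())
    known = {norm(s) for s in SCRIPT_RE.findall(baseline)}
    found = []
    for m in SCRIPT_RE.finditer(protected):
        if norm(m.group(0)) not in known:
            found.append((m.start(), region(protected, m.start()),
                          m.group(0)[:60]))
    return found

# Constructed sample: response body with CSRF protection disabled.
BASELINE = (
    "<!DOCTYPE html>\n"
    '<html><head><title>App</title><script src="/static/app.js"></script>'
    "</head>\n"
    '<body><form action="/transfer" method="post"></form></body></html>'
)
# Constructed sample: same body with one extra script. The position chosen
# here is arbitrary and does not describe what ASM actually does.
PROTECTED = '<script src="/INJECTED-PLACEHOLDER.js"></script>' + BASELINE

if __name__ == "__main__":
    for offset, where, snippet in injected_scripts(BASELINE, PROTECTED):
        print(f"offset {offset:>5}  region {where:<16} {snippet}")
```

Run it against the bodies captured from IE and Chrome separately; a script reported in an unexpected region (for example ahead of the doctype) is the place to look when one browser renders the page and the other does not.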