csrf
3 Topics

ASM insert CSRF although not specify URL
Hi, we're using LTM/ASM with v.12.1.3 and right now we see an issue: we have enabled CSRF protection but we didn't specify any URL in the URL list. From my understanding, F5 should insert CSRF in case we specify a URL in the URL list. Why does F5 insert it although we did not specify a URL list? Is it a bug?

PS1. We have the issue when using IE11, but we didn't have the issue when using Chrome.
PS2. When using IE11, the issue occurs intermittently.

Thank you

307 Views | 0 likes | 3 Comments

Using ASM and CSRF with Angular
Does anyone have experience using ASM CSRF with the Angular framework? I see in the normal responses for HTML that the CSRT URL parameter is appended for subsequent requests. However, our Angular application does not have this occur. According to the docs for Angular, it looks, by default, for a cookie named XSRF-TOKEN on the first HTTP request and then replies on subsequent requests with an HTTP header X-XSRF-TOKEN. Is there a way to fill in the value from the default "CSRT" parameter so that Angular can find this? I can't find any docs on how CSRT is generated from ASM.

624 Views | 0 likes | 5 Comments

CSRF Protection not Working
Implementation of CSRF protection is very simple on the F5 device. Unfortunately it didn't work for me, and every attempt from my browser (Firefox) to access the authenticated URL "/authenticated/*" is blocked, as shown below. Here is the JavaScript token added to the page response, but why can't F5 detect this CSRF token?

<script type="text/javascript">
<!--
window["_csrf_"] = "080672e6ab84a0008fd244ab2571f208bfe3204574c6e527769d1127606cff47e44d7efd81a8416297bbec25adbe3c55a10fa3a3ec1061e32adbdd05c697677a31e70c3f284c5b441b92c973e9c7ef6ef767f94488efa7a7f1118c01228fbb42a420ea3f9e8401f18eb2b9c69a16bd35cbf424e7cdd787c2b8178f070c4942f7cfa56107dca8e2d31bbf8aaa476f1472704dc1ba72e035ff6c132d7ad8f384aceea21b0c29b269e1";
//-->
</script>

Questions:
1- Are there any other CSRF tokens that should appear somewhere? As I studied, it should also appear in the URL as a parameter.
2- What are the prerequisites for enabling CSRF?

627 Views | 0 likes | 3 Comments