Forum Discussion
1 Reply
Sort By
- natheCirrocumulus
Winstonj,
The way to tell is to open the Developer Tools (F12 for example) and in the response body you will see extra javascript code injected in the response, probably prefaced with src=/TSbd" - this tells you CSRF protection/token is being injected. Are you enabling this on only the URL that will be used for a POST request?
Have you seen this support article? Overview of the BIG-IP ASM CSRF protection feature
It has been known to interfere with some applications, however. See K11885: The CSRF protection feature may interfere with applications that use JavaScript It's an Archived article but hopefully still helpful.
Hope this helps,
N