Commit 0be4d644 authored by Tim Graham's avatar Tim Graham

Fixed #22859 -- Improved crossDomain technique in CSRF example.

Thanks flisky for the report.
parent 87d0a338
+1 −2
@@ -186,9 +186,8 @@ jQuery 1.5 and newer in order to replace the ``sameOrigin`` logic above:
        return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
    }
    $.ajaxSetup({
        crossDomain: false, // obviates need for sameOrigin test
        beforeSend: function(xhr, settings) {
            if (!csrfSafeMethod(settings.type)) {
            if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
                xhr.setRequestHeader("X-CSRFToken", csrftoken);
            }
        }
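Review bot: The new guard in `beforeSend` reads `this.crossDomain`, which only works while `this` is the request's settings object. jQuery documents the `context` option as the `this` of all Ajax callbacks, so a call that sets `context` would see `this.crossDomain` as undefined and the `X-CSRFToken` header would also go out on cross-origin requests. Reading the flag from the argument avoids that dependency: `if (!csrfSafeMethod(settings.type) && !settings.crossDomain) {`. A short comment above the check, such as `// never send the CSRF token to another origin`, would record why the flag is tested. The `$.ajaxSetup` call closes outside the hunk.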