Commit ce06ef55 authored by Tim Graham's avatar Tim Graham
Browse files

[1.5.x] Fixed #22859 -- Improved crossDomain technique in CSRF example. 

Thanks flisky for the report.

Backport of 0be4d644 from master
parent 7342784b

docs/ref/contrib/csrf.txt

+1 −2
Original line number Diff line number Diff line
@@ -190,9 +190,8 @@ jQuery 1.5 and newer in order to replace the ``sameOrigin`` logic above: 
        return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));

    }

    $.ajaxSetup({

        crossDomain: false, // obviates need for sameOrigin test

        beforeSend: function(xhr, settings) {

            if (!csrfSafeMethod(settings.type)) {

            if (!csrfSafeMethod(settings.type) && !this.crossDomain) {

                xhr.setRequestHeader("X-CSRFToken", csrftoken);

            }

        }