summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2014-06-18 14:35:38 -0400
committerTim Graham <timograham@gmail.com>2014-06-18 14:37:24 -0400
commitd4a3fd44f04fd06252ccfdd001772daa35c510d1 (patch)
tree65623c8ce1dea63d7e89aeebf89fbdeb77f19972
parent6b52e1793c682d4f9c8f030dcbe6908ddddf875e (diff)
[1.6.x] Fixed #22859 -- Improved crossDomain technique in CSRF example.
Thanks flisky for the report. Backport of 0be4d64487 from master
-rw-r--r--docs/ref/contrib/csrf.txt3
1 files changed, 1 insertions, 2 deletions
diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/contrib/csrf.txt
index 5c73ba3242..ac495cbbd4 100644
--- a/docs/ref/contrib/csrf.txt
+++ b/docs/ref/contrib/csrf.txt
@@ -190,9 +190,8 @@ jQuery 1.5 and newer in order to replace the ``sameOrigin`` logic above:
return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}
$.ajaxSetup({
- crossDomain: false, // obviates need for sameOrigin test
beforeSend: function(xhr, settings) {
- if (!csrfSafeMethod(settings.type)) {
+ if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
xhr.setRequestHeader("X-CSRFToken", csrftoken);
}
}