summaryrefslogtreecommitdiff
path: root/docs/ref
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2014-06-18 14:35:38 -0400
committerTim Graham <timograham@gmail.com>2014-06-18 14:38:30 -0400
commitd29f3b9e878c10417d66e1542ac52fe2ca242cf8 (patch)
tree08849a7320cf79e27ff623d4f616061eaa54b7a0 /docs/ref
parentd39fcff11a152e37fbc9a0fb34216415ef2a03da (diff)
[1.4.x] Fixed #22859 -- Improved crossDomain technique in CSRF example.
Thanks flisky for the report. Backport of 0be4d64487 from master
Diffstat (limited to 'docs/ref')
-rw-r--r--docs/ref/contrib/csrf.txt3
1 files changed, 1 insertions, 2 deletions
diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/contrib/csrf.txt
index c6d448811d..591223e8b5 100644
--- a/docs/ref/contrib/csrf.txt
+++ b/docs/ref/contrib/csrf.txt
@@ -190,9 +190,8 @@ jQuery 1.5 and newer in order to replace the `sameOrigin` logic above:
return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}
$.ajaxSetup({
- crossDomain: false, // obviates need for sameOrigin test
beforeSend: function(xhr, settings) {
- if (!csrfSafeMethod(settings.type)) {
+ if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
xhr.setRequestHeader("X-CSRFToken", csrftoken);
}
}