diff options
| author | Luke Plant <L.Plant.98@cantab.net> | 2011-05-09 23:56:04 +0000 |
|---|---|---|
| committer | Luke Plant <L.Plant.98@cantab.net> | 2011-05-09 23:56:04 +0000 |
| commit | 285b464fb8cb972af6bbdd7cf62b46e75c128a64 (patch) | |
| tree | 32b9264353915c0be69ed82f2c4a88fac65e0206 /docs | |
| parent | cfc1756ef57b019b772ac60e651a76fe2d41a7e1 (diff) | |
[1.2.X] Updated AJAX example code in CSRF docs to be consistent regarding what are safe HTTP methods
Backport of [16202] from trunk.
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@16204 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/ref/contrib/csrf.txt | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/contrib/csrf.txt index 7ef1207d65..a7dbd019fe 100644 --- a/docs/ref/contrib/csrf.txt +++ b/docs/ref/contrib/csrf.txt @@ -125,7 +125,7 @@ that allow headers to be set on every request. In jQuery, you can use the !(/^(\/\/|http:|https:).*/.test(url)); } function safeMethod(method) { - return (method === 'GET' || method === 'HEAD'); + return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method)); } if (!safeMethod(settings.type) && sameOrigin(settings.url)) { |
