diff options
| author | Tim Graham <timograham@gmail.com> | 2014-06-18 14:35:38 -0400 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2014-06-18 14:37:24 -0400 |
| commit | d4a3fd44f04fd06252ccfdd001772daa35c510d1 (patch) | |
| tree | 65623c8ce1dea63d7e89aeebf89fbdeb77f19972 /docs | |
| parent | 6b52e1793c682d4f9c8f030dcbe6908ddddf875e (diff) | |
[1.6.x] Fixed #22859 -- Improved crossDomain technique in CSRF example.
Thanks flisky for the report.
Backport of 0be4d64487 from master
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/ref/contrib/csrf.txt | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/contrib/csrf.txt index 5c73ba3242..ac495cbbd4 100644 --- a/docs/ref/contrib/csrf.txt +++ b/docs/ref/contrib/csrf.txt @@ -190,9 +190,8 @@ jQuery 1.5 and newer in order to replace the ``sameOrigin`` logic above: return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method)); } $.ajaxSetup({ - crossDomain: false, // obviates need for sameOrigin test beforeSend: function(xhr, settings) { - if (!csrfSafeMethod(settings.type)) { + if (!csrfSafeMethod(settings.type) && !this.crossDomain) { xhr.setRequestHeader("X-CSRFToken", csrftoken); } } |
