Fixed #22859 -- Improved crossDomain technique in CSRF example.

Thanks flisky for the report.
2014-06-18 14:35:38 -04:00 · 2014-06-18 14:35:38 -04:00 · 0be4d64487
parent 87d0a3384c
commit 0be4d64487
1 changed files with 1 additions and 2 deletions
--- a/docs/ref/contrib/csrf.txt
+++ b/docs/ref/contrib/csrf.txt
@ -186,9 +186,8 @@ jQuery 1.5 and newer in order to replace the ``sameOrigin`` logic above:
        return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
    }
    $.ajaxSetup({
-        crossDomain: false, // obviates need for sameOrigin test
        beforeSend: function(xhr, settings) {
-            if (!csrfSafeMethod(settings.type)) {
+            if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
                xhr.setRequestHeader("X-CSRFToken", csrftoken);
            }
        }