diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/contrib/csrf.txt
index b1dd2a0ff0..29fa56de8a 100644
--- a/docs/ref/contrib/csrf.txt
+++ b/docs/ref/contrib/csrf.txt
@@ -186,9 +186,8 @@ jQuery 1.5 and newer in order to replace the ``sameOrigin`` logic above:
 return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
 }
 $.ajaxSetup({
- crossDomain: false, // obviates need for sameOrigin test
 beforeSend: function(xhr, settings) {
- if (!csrfSafeMethod(settings.type)) {
+ if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
 xhr.setRequestHeader("X-CSRFToken", csrftoken);
 }
 }
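Review bot: The new guard in `beforeSend` reads `this.crossDomain`, and `this` is the request's settings object only when the caller has not set a `context` option. With a custom `context`, jQuery invokes the callback on that object instead, so the property would be undefined and the `X-CSRFToken` header would also be attached to cross-domain requests. Reading the flag from the second argument avoids the dependency: `if (!csrfSafeMethod(settings.type) && !settings.crossDomain) {`. A short comment above the condition, such as `// only send the token to same-origin URLs`, would record why the check exists now that the old `crossDomain: false` comment is removed. The `$.ajaxSetup` call continues past the end of the hunk.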