Fixed #22859 -- Improved crossDomain technique in CSRF example.
Thanks flisky for the report.
parent
87d0a3384c
commit
0be4d64487
|
@ -186,9 +186,8 @@ jQuery 1.5 and newer in order to replace the ``sameOrigin`` logic above:
|
||||||
return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
|
return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
|
||||||
}
|
}
|
||||||
$.ajaxSetup({
|
$.ajaxSetup({
|
||||||
crossDomain: false, // obviates need for sameOrigin test
|
|
||||||
beforeSend: function(xhr, settings) {
|
beforeSend: function(xhr, settings) {
|
||||||
if (!csrfSafeMethod(settings.type)) {
|
if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
|
||||||
xhr.setRequestHeader("X-CSRFToken", csrftoken);
|
xhr.setRequestHeader("X-CSRFToken", csrftoken);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
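Review bot: The new guard `!this.crossDomain` in `beforeSend` only works while `this` is the request's settings object, which in jQuery is the case only when the caller has not set the `context` option. With a `context` set, `this.crossDomain` would be undefined, so the `X-CSRFToken` header would also be attached to cross-origin requests and the token disclosed to the other origin. Reading the flag from the callback's own argument avoids depending on `this`: `if (!csrfSafeMethod(settings.type) && !settings.crossDomain) {`. A one-line comment such as `// only send the token to same-origin URLs` would replace the explanation lost with the removed `crossDomain: false` line. The example's `csrfSafeMethod` definition starts before this hunk and the closing `});` lies after it.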