Fixed #22859 -- Improved crossDomain technique in CSRF example.

Thanks flisky for the report.
This commit is contained in:
Tim Graham 2014-06-18 14:35:38 -04:00
parent 87d0a3384c
commit 0be4d64487
1 changed files with 1 additions and 2 deletions

View File

@ -186,9 +186,8 @@ jQuery 1.5 and newer in order to replace the ``sameOrigin`` logic above:
return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}
$.ajaxSetup({
crossDomain: false, // obviates need for sameOrigin test
beforeSend: function(xhr, settings) {
if (!csrfSafeMethod(settings.type)) {
if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
xhr.setRequestHeader("X-CSRFToken", csrftoken);
}
}