diff --git a/app/views/layouts/base_users.html.erb b/app/views/layouts/base_users.html.erb
index 1e0811039..32c4c3755 100644
--- a/app/views/layouts/base_users.html.erb
+++ b/app/views/layouts/base_users.html.erb
@@ -30,6 +30,7 @@
$.ajax({
url: '<%= update_score_user_path(:format => 'js') %>',
type: 'get',
+ beforeSend: function(xhr) {xhr.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content'))},
data: 'id=<%= @user.id %>',
remote: true
}) ;
diff --git a/public/javascripts/application.js b/public/javascripts/application.js
index fcc2455f9..2fb50528f 100644
--- a/public/javascripts/application.js
+++ b/public/javascripts/application.js
@@ -457,7 +457,6 @@ function randomKey(size) {
function updateIssueFrom(url) {
$.ajax({
url: url,
- beforeSend: function(xhr) {xhr.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content'))},
type: 'post',
data: $('#issue-form').serialize()
});
@@ -466,7 +465,6 @@ function updateIssueFrom(url) {
function updateBulkEditFrom(url) {
$.ajax({
url: url,
- beforeSend: function(xhr) {xhr.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content'))},
type: 'post',
data: $('#bulk_edit_form').serialize()
});
@@ -545,7 +543,6 @@ function initMyPageSortable(list, url) {
$.ajax({
url: url,
type: 'post',
- beforeSend: function(xhr) {xhr.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content'))},
data: {'blocks': $.map($('#list-'+list).children(), function(el){return $(el).attr('id');})}
});
}