diff --git a/docs/ref/csrf.txt b/docs/ref/csrf.txt index 6e340bcdeb..56fcd77563 100644 --- a/docs/ref/csrf.txt +++ b/docs/ref/csrf.txt @@ -150,12 +150,13 @@ Finally, you'll need to set the header on your AJAX request. Using the const request = new Request( /* URL */, - {headers: {'X-CSRFToken': csrftoken}} + { + method: 'POST', + headers: {'X-CSRFToken': csrftoken}, + mode: 'same-origin' // Do not send CSRF token to another domain. + } ); - fetch(request, { - method: 'POST', - mode: 'same-origin' // Do not send CSRF token to another domain. - }).then(function(response) { + fetch(request).then(function(response) { // ... });