From ce06ef5569705ab4a7c0a495deb7fe5efb63c153 Mon Sep 17 00:00:00 2001
From: Tim Graham
Date: Wed, 18 Jun 2014 14:35:38 -0400
Subject: [PATCH] [1.5.x] Fixed #22859 -- Improved crossDomain technique in CSRF example.

Thanks flisky for the report.

Backport of 0be4d64487 from master
---
 docs/ref/contrib/csrf.txt | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/contrib/csrf.txt
index a5f4492be8..4c942aa422 100644
--- a/docs/ref/contrib/csrf.txt
+++ b/docs/ref/contrib/csrf.txt
@@ -190,9 +190,8 @@ jQuery 1.5 and newer in order to replace the ``sameOrigin`` logic above:
         return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
     }
     $.ajaxSetup({
-        crossDomain: false, // obviates need for sameOrigin test
         beforeSend: function(xhr, settings) {
-            if (!csrfSafeMethod(settings.type)) {
+            if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
                 xhr.setRequestHeader("X-CSRFToken", csrftoken);
             }
         }
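Review bot: The new condition reads `!this.crossDomain`, which only works while `this` inside `beforeSend` is the merged request settings; as far as I recall of jQuery's callback handling, a caller that passes the `context` option gets that context as `this` instead, so `this.crossDomain` is `undefined`, the check passes, and the `X-CSRFToken` header is sent to a cross-origin host. Using the `settings` argument the callback already receives avoids that: `if (!csrfSafeMethod(settings.type) && !settings.crossDomain) {`. jQuery fills in `crossDomain` from the request URL before `beforeSend` runs, so the settings property is populated even when the caller never set it explicitly, though that is worth confirming against the jQuery versions this example targets. Since this snippet is copied verbatim into applications, a one-line comment such as `// never send the CSRF token to another origin` on the condition would make the purpose of the `crossDomain` check clear to readers. The `$.ajaxSetup` call continues past the end of the hunk.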