diff --git a/docs/ref/csrf.txt b/docs/ref/csrf.txt
index 6e340bcdeb1..56fcd775633 100644
--- a/docs/ref/csrf.txt
+++ b/docs/ref/csrf.txt
@@ -150,12 +150,13 @@ Finally, you'll need to set the header on your AJAX request. Using the
 const request = new Request(
 /* URL */,
- {headers: {'X-CSRFToken': csrftoken}}
+ {
+ method: 'POST',
+ headers: {'X-CSRFToken': csrftoken},
+ mode: 'same-origin' // Do not send CSRF token to another domain.
+ }
 );
- fetch(request, {
- method: 'POST',
- mode: 'same-origin' // Do not send CSRF token to another domain.
- }).then(function(response) {
+ fetch(request).then(function(response) {
 // ...
 });