From 691b8dd8edfbcdcff66b9bf7bdaa5e875af28006 Mon Sep 17 00:00:00 2001
From: sdwoodbury <stuartwx@yahoo.com>
Date: Mon, 13 Sep 2021 00:36:27 -0400
Subject: [PATCH] Made CSRF JavaScript example more reusable.

---
 docs/ref/csrf.txt | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/docs/ref/csrf.txt b/docs/ref/csrf.txt
index 6e340bcdeb..56fcd77563 100644
--- a/docs/ref/csrf.txt
+++ b/docs/ref/csrf.txt
@@ -150,12 +150,13 @@ Finally, you'll need to set the header on your AJAX request. Using the
 
     const request = new Request(
         /* URL */,
-        {headers: {'X-CSRFToken': csrftoken}}
+        {
+            method: 'POST',
+            headers: {'X-CSRFToken': csrftoken},
+            mode: 'same-origin' // Do not send CSRF token to another domain.
+        }
     );
-    fetch(request, {
-        method: 'POST',
-        mode: 'same-origin'  // Do not send CSRF token to another domain.
-    }).then(function(response) {
+    fetch(request).then(function(response) {
         // ...
     });