mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-04 17:59:13 +00:00
Code Issues 32 Releases Wiki Activity

[1.2.X] Fixed #15469 - CSRF token is inserted on GET requests

Browse Source 
Thanks to goran for report.

Backport of [16191] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@16194 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Luke Plant 2011-05-09 21:39:22 +00:00
parent 87fa64ca7c
commit cfc1756ef5
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/ref/contrib/csrf.txt
View File

@ -124,7 +124,11 @@ that allow headers to be set on every request. In jQuery, you can use the
// or any other URL that isn't scheme relative or absolute i.e relative. // or any other URL that isn't scheme relative or absolute i.e relative.
!(/^(\/\/|http:|https:).*/.test(url)); !(/^(\/\/|http:|https:).*/.test(url));
} }
if (sameOrigin(settings.url)) { function safeMethod(method) {
return (method === 'GET' || method === 'HEAD');
}
if (!safeMethod(settings.type) && sameOrigin(settings.url)) {
xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken')); xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
} }
}); });