mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-05-04 22:17:34 +00:00
Code Issues 32 Releases Wiki Activity

[1.4.x] Fixed #22859 -- Improved crossDomain technique in CSRF example.

Browse Source 
Thanks flisky for the report.

Backport of 0be4d64487 from master
This commit is contained in:
Tim Graham 2014-06-18 14:35:38 -04:00
parent d39fcff11a
commit d29f3b9e87
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docs/ref/contrib/csrf.txt
View File

@ -190,9 +190,8 @@ jQuery 1.5 and newer in order to replace the `sameOrigin` logic above:
return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method)); return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
} }
$.ajaxSetup({ $.ajaxSetup({
crossDomain: false, // obviates need for sameOrigin test
beforeSend: function(xhr, settings) { beforeSend: function(xhr, settings) {
if (!csrfSafeMethod(settings.type)) { if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
xhr.setRequestHeader("X-CSRFToken", csrftoken); xhr.setRequestHeader("X-CSRFToken", csrftoken);
} }
} }