diff options
author | Stephen Beaver <sbeaver@netgate.com> | 2016-01-06 14:53:06 -0500 |
---|---|---|
committer | Stephen Beaver <sbeaver@netgate.com> | 2016-01-06 14:53:36 -0500 |
commit | 311e4ad5ea15f8303205b31a2bc4afc868ee9441 (patch) | |
tree | f204dcbddf5551f1c85bb1eec7e9b115072b7cf0 | |
parent | b55564f1da8e48d649349346ca8bbb6fcc76c123 (diff) | |
download | pfsense-311e4ad5ea15f8303205b31a2bc4afc868ee9441.zip pfsense-311e4ad5ea15f8303205b31a2bc4afc868ee9441.tar.gz |
Fixed #5723
-rw-r--r-- | src/usr/local/www/csrf/csrf-magic.js | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/src/usr/local/www/csrf/csrf-magic.js b/src/usr/local/www/csrf/csrf-magic.js index d358b0f..a889773 100644 --- a/src/usr/local/www/csrf/csrf-magic.js +++ b/src/usr/local/www/csrf/csrf-magic.js @@ -40,10 +40,13 @@ CsrfMagic.prototype = { send: function(data) { if (!this.csrf_isPost) return this.csrf_send(data); prepend = csrfMagicName + '=' + csrfMagicToken + '&'; - if (this.csrf_purportedLength === undefined) { - this.csrf_setRequestHeader("Content-length", this.csrf_purportedLength + prepend.length); - delete this.csrf_purportedLength; - } + + // Removed to eliminate 'Refused to set unsafe header "Content-length" ' errors in modern browsers + // if (this.csrf_purportedLength === undefined) { + // this.csrf_setRequestHeader("Content-length", this.csrf_purportedLength + prepend.length); + // delete this.csrf_purportedLength; + // } + delete this.csrf_isPost; return this.csrf_send(prepend + data); }, |