Fixed #5723

author: Stephen Beaver <sbeaver@netgate.com> 2016-01-06 14:53:06 -0500
committer: Stephen Beaver <sbeaver@netgate.com> 2016-01-06 14:53:36 -0500
commit: 311e4ad5ea15f8303205b31a2bc4afc868ee9441 (patch)
tree: f204dcbddf5551f1c85bb1eec7e9b115072b7cf0
parent: b55564f1da8e48d649349346ca8bbb6fcc76c123 (diff)
download: pfsense-311e4ad5ea15f8303205b31a2bc4afc868ee9441.zip
pfsense-311e4ad5ea15f8303205b31a2bc4afc868ee9441.tar.gz
1 files changed, 7 insertions, 4 deletions
diff --git a/src/usr/local/www/csrf/csrf-magic.js b/src/usr/local/www/csrf/csrf-magic.js
index d358b0f..a889773 100644
--- a/src/usr/local/www/csrf/csrf-magic.js
+++ b/src/usr/local/www/csrf/csrf-magic.js
@@ -40,10 +40,13 @@ CsrfMagic.prototype = {
     send: function(data) {
         if (!this.csrf_isPost) return this.csrf_send(data);
         prepend = csrfMagicName + '=' + csrfMagicToken + '&';
-        if (this.csrf_purportedLength === undefined) {
-            this.csrf_setRequestHeader("Content-length", this.csrf_purportedLength + prepend.length);
-            delete this.csrf_purportedLength;
-        }
+
+ //		Removed to eliminate 'Refused to set unsafe header "Content-length" ' errors in modern browsers
+ //       if (this.csrf_purportedLength === undefined) {
+ //           this.csrf_setRequestHeader("Content-length", this.csrf_purportedLength + prepend.length);
+ //           delete this.csrf_purportedLength;
+ //       }
+
         delete this.csrf_isPost;
         return this.csrf_send(prepend + data);
     },
author	Stephen Beaver <sbeaver@netgate.com>	2016-01-06 14:53:06 -0500
committer	Stephen Beaver <sbeaver@netgate.com>	2016-01-06 14:53:36 -0500
commit	311e4ad5ea15f8303205b31a2bc4afc868ee9441 (patch)
tree	f204dcbddf5551f1c85bb1eec7e9b115072b7cf0
parent	b55564f1da8e48d649349346ca8bbb6fcc76c123 (diff)
download	pfsense-311e4ad5ea15f8303205b31a2bc4afc868ee9441.zip pfsense-311e4ad5ea15f8303205b31a2bc4afc868ee9441.tar.gz