summaryrefslogtreecommitdiffstats
path: root/src/usr/local
diff options
context:
space:
mode:
Diffstat (limited to 'src/usr/local')
-rw-r--r--src/usr/local/www/csrf/csrf-magic.js11
1 files changed, 7 insertions, 4 deletions
diff --git a/src/usr/local/www/csrf/csrf-magic.js b/src/usr/local/www/csrf/csrf-magic.js
index d358b0f..a889773 100644
--- a/src/usr/local/www/csrf/csrf-magic.js
+++ b/src/usr/local/www/csrf/csrf-magic.js
@@ -40,10 +40,13 @@ CsrfMagic.prototype = {
send: function(data) {
if (!this.csrf_isPost) return this.csrf_send(data);
prepend = csrfMagicName + '=' + csrfMagicToken + '&';
- if (this.csrf_purportedLength === undefined) {
- this.csrf_setRequestHeader("Content-length", this.csrf_purportedLength + prepend.length);
- delete this.csrf_purportedLength;
- }
+
+ // Removed to eliminate 'Refused to set unsafe header "Content-length" ' errors in modern browsers
+ // if (this.csrf_purportedLength === undefined) {
+ // this.csrf_setRequestHeader("Content-length", this.csrf_purportedLength + prepend.length);
+ // delete this.csrf_purportedLength;
+ // }
+
delete this.csrf_isPost;
return this.csrf_send(prepend + data);
},
OpenPOWER on IntegriCloud