Commit f6885c5

docs(security): Make clear which header to use for XSRF (#156)
1 parent e2775ce commit f6885c5

1 file changed

+1
-1
lines changed

content/docs/security/securing_ssr_applications.md

Lines changed: 1 addition & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -189,7 +189,7 @@ enableXsrfCookie
189189

190190
When enabled, Shield will store the CSRF token inside an encrypted cookie named `XSRF-TOKEN`, which can be read by the frontend JavaScript code.
191191

192-
This allows frontend request libraries like Axios to read the `XSRF-TOKEN` automatically and set it as a header when making Ajax requests without server-rendered forms.
192+
This allows frontend request libraries like Axios to read the `XSRF-TOKEN` automatically and set it as a `X-XSRF-TOKEN` header when making Ajax requests without server-rendered forms.
193193

194194
You must keep the `enableXsrfCookie` disabled if you are not triggering Ajax requests programmatically.
195195
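
Review bot: on the added line 192, "a `X-XSRF-TOKEN` header" should read "an `X-XSRF-TOKEN` header". Since the commit sets out to make clear which header to use, the sentence would serve readers whose request library does not do this automatically if it also said outright that the header carries the value read from the `XSRF-TOKEN` cookie, for example "read the `XSRF-TOKEN` cookie automatically and send its value in an `X-XSRF-TOKEN` header".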
