id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
15973	Ajax CSRF code in docs doesn't always work.	ehutch79@…	nobody	"while making urls are local, simply filtering for relative urls is not sufficient. several libraries may end up requesting a fully qualified url that is in fact local.

my suggestion is to change this line:
{{{
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
}}}
to this:
{{{
var root = location.protocol + '//' + location.host;
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url)) || settings.url.substr(0, root.length) === root  ) {
}}}
"	Bug	closed	Documentation	1.3	Normal	duplicate			Accepted	1	0	0	0	0	0