From fddc28ba3bf539a3d8cf56757acdc6268614885e Mon Sep 17 00:00:00 2001 From: Robert Roth Date: Wed, 4 Apr 2018 13:03:43 +0300 Subject: [PATCH] Fixed typo in CSRF documentation. Fixes gh-4792 --- docs/manual/src/docs/asciidoc/_includes/web/csrf.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/manual/src/docs/asciidoc/_includes/web/csrf.adoc b/docs/manual/src/docs/asciidoc/_includes/web/csrf.adoc index 467b0660ce..5e8f3068c6 100644 --- a/docs/manual/src/docs/asciidoc/_includes/web/csrf.adoc +++ b/docs/manual/src/docs/asciidoc/_includes/web/csrf.adoc @@ -271,7 +271,7 @@ name: $("meta[name='_csrf_header']").attr("content") The configured client can be shared with any component of the application that needs to make a request to the CSRF protected resource. -One significant different between rest.js and jQuery is that only requests made with the configured client will contain the CSRF token, vs jQuery where __all__ requests will include the token. +One significant difference between rest.js and jQuery is that only requests made with the configured client will contain the CSRF token, vs jQuery where __all__ requests will include the token. The ability to scope which requests receive the token helps guard against leaking the CSRF token to a third party. Please refer to the https://github.com/cujojs/rest/tree/master/docs[rest.js reference documentation] for more information on rest.js.