File 0002-CVE-2020-8167.patch of Package rubygem-actionview-5_1.30716
--- actionview-5.1.4/lib/assets/compiled/rails-ujs.js.orig 2022-09-28 17:32:36.014931947 +0200
+++ actionview-5.1.4/lib/assets/compiled/rails-ujs.js 2022-09-28 17:33:32.343344155 +0200
@@ -221,8 +221,8 @@
}
if (!options.crossDomain) {
xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
+ CSRFProtection(xhr);
}
- CSRFProtection(xhr);
xhr.withCredentials = !!options.withCredentials;
xhr.onreadystatechange = function() {
if (xhr.readyState === XMLHttpRequest.DONE) {