File 0002-CVE-2020-8167.patch of Package rubygem-actionview-5_1.30716

--- actionview-5.1.4/lib/assets/compiled/rails-ujs.js.orig	2022-09-28 17:32:36.014931947 +0200
+++ actionview-5.1.4/lib/assets/compiled/rails-ujs.js	2022-09-28 17:33:32.343344155 +0200
@@ -221,8 +221,8 @@
         }
         if (!options.crossDomain) {
           xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
+          CSRFProtection(xhr);
         }
-        CSRFProtection(xhr);
         xhr.withCredentials = !!options.withCredentials;
         xhr.onreadystatechange = function() {
           if (xhr.readyState === XMLHttpRequest.DONE) {