From b7f42f574a7a3e3dd1e1051ffb4ab9f1caa8c23f Mon Sep 17 00:00:00 2001
From: Eric Schultz <eric@startuperic.com>
Date: Wed, 6 Dec 2017 21:28:18 -0600
Subject: [PATCH] Don't send csrf token with crossdomain requests

---
 plugins/dynamix/include/DefaultPageLayout.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/plugins/dynamix/include/DefaultPageLayout.php b/plugins/dynamix/include/DefaultPageLayout.php
index 10ead76ac..3ae99830d 100644
--- a/plugins/dynamix/include/DefaultPageLayout.php
+++ b/plugins/dynamix/include/DefaultPageLayout.php
@@ -277,8 +277,9 @@ var device=navigator.platform.toLowerCase();
 for (var i=0,mobile; mobile=mobiles[i]; i++) {
   if (device.indexOf(mobile)>=0) {$('#footer').css('position','static'); break;}
 }
-$(document).ajaxSend(function(elm, xhr, s){
-  if (s.type == "POST") {
+$.ajaxPrefilter(function(s, orig, xhr){
+  if (s.type == "post" && !s.crossDomain) {
+    s.data = s.data || "";
     s.data += s.data?"&":"";
     s.data += "csrf_token=<?=$var['csrf_token']?>";
   }