[#5359] only add _session_id field to POST forms; GET doesn't need it
diff --git a/Allura/allura/public/nf/js/allura-base.js b/Allura/allura/public/nf/js/allura-base.js
index cf944c0..ef60650 100644
--- a/Allura/allura/public/nf/js/allura-base.js
+++ b/Allura/allura/public/nf/js/allura-base.js
@@ -188,5 +188,5 @@
// Provide CSRF protection
var cval = $.cookie('_session_id');
- $('form').append('<input name="_session_id" type="hidden" value="'+cval+'">');
+ $('form[method=post]').append('<input name="_session_id" type="hidden" value="'+cval+'">');
});